Devices, systems and methods for tracking and upgrading firmware in intelligent electronic devices

ABSTRACT

Devices, systems and methods for tracking and upgrading firmware in intelligent electronic devices (IEDs) are provided. The devices, systems and methods provide for tracking firmware versions of at least one or a fleet of IEDs, e.g., electronic power or revenue meters, notifying a user that an update to an existing firmware is available and providing the ability to automatically upload the current or latest version of the firmware to all IEDs.

PRIORITY

This application claims priority to U.S. Provisional Patent Application No. 62/733,923, filed on Sep. 20, 2019, entitled “DEVICES, SYSTEMS AND METHODS FOR TRACKING AND UPGRADING FIRMWARE IN INTELLIGENT ELECTRONIC DEVICES”, the contents of which are hereby incorporated by reference in its entirety.

This application is a continuation-in-part application of U.S. patent application Ser. No. 13/831,708, filed on Mar. 15, 2013, entitled “SYSTEMS AND METHODS FOR COLLECTING, ANALYZING, BILLING, AND REPORTING DATA FROM INTELLIGENT ELECTRONIC DEVICES”, the contents of which are hereby incorporated by reference in its entirety.

This application is a continuation-in-part of U.S. patent application Ser. No. 15/332,447 filed on Oct. 24, 2016, entitled “DEVICES, SYSTEMS AND METHODS FOR UPGRADING FIRMWARE IN INTELLIGENT ELECTRONIC DEVICES”, which claims priority to U.S. Provisional Patent Application No. 62/245,404, filed on Oct. 23, 2015, entitled “DEVICES, SYSTEMS AND METHODS FOR UPGRADING FIRMWARE IN INTELLIGENT ELECTRONIC DEVICES”, the contents of which are hereby incorporated by reference in its entirety.

BACKGROUND Field

The present disclosure relates generally to intelligent electronic devices (IEDs) and, in particular, to devices, systems and methods for upgrading firmware in intelligent electronic devices.

Description of the Related Art

Monitoring of electrical energy by consumers and providers of electric power is a fundamental function within any electric power distribution system. Electrical energy may be monitored for purposes of usage, equipment performance and power quality. Electrical parameters that may be monitored include volts, amps, watts, vars, power factor, harmonics, kilowatt hours, kilovar hours and any other power related measurement parameters. Typically, measurement of the voltage and current at a location within the electric power distribution system may be used to determine the electrical parameters for electrical energy flowing through that location.

Devices that perform monitoring of electrical energy may be electromechanical devices, such as, for example, a residential billing meter or may be an intelligent electronic device (“TED”). Intelligent electronic devices typically include some form of a processor. In general, the processor is capable of using the measured voltage and current to derive the measurement parameters. The processor operates based on a software configuration. A typical consumer or supplier of electrical energy may have many intelligent electronic devices installed and operating throughout their operations. IEDs may be positioned along the supplier's distribution path or within a customer's internal distribution system. IEDs include revenue electric watt-hour meters, protection relays, programmable logic controllers, remote terminal units, fault recorders and other devices used to monitor and/or control electrical power distribution and consumption. IEDs are widely available that make use of memory and microprocessors to provide increased versatility and additional functionality. Such functionality includes the ability to communicate with remote computing systems, either via a direct connection, e.g., a modem, a wireless connection or a network. IEDs also include legacy mechanical or electromechanical devices that have been retrofitted with appropriate hardware and/or software allowing integration with the power management system.

Typically, an TED is associated with a particular load or set of loads that are drawing electrical power from the power distribution system. The TED may also be capable of receiving data from or controlling its associated load. Depending on the type of TED and the type of load it may be associated with, the TED implements a power management function that is able to respond to a power management command and/or generate power management data. Power management functions include measuring power consumption, controlling power distribution such as a relay function, monitoring power quality, measuring power parameters such as phasor components, voltage or current, controlling power generation facilities, computing revenue, controlling electrical power flow and load shedding, or combinations thereof.

Conventional IEDs include the ability to communicate with remote computing systems. Traditionally, IEDs would transfer data using serial based download commands. These commands would be accessed via an RS232, and RS485 or an Ethernet port encapsulating the serial request with an Ethernet message using any Ethernet protocol such as HTTP or TCP/IP. For instance, host software or a “master” would make a request for a set of data from one or more memory registers in an IED slave. At that point, the IED slave would then communicate the data stored in the memory registers back to the host software utilizing a serial transfer. A need exists for systems and methods for efficiently collecting data from various devices, e.g., IEDs. A further need exists for systems and methods for analyzing and reporting such collected data.

SUMMARY

The present disclosure is directed to devices, systems and methods for tracking and upgrading firmware in intelligent electronic devices (IEDs). The present disclosure provides for tracking firmware versions of at least one or a fleet of IEDs, e.g., electronic power or revenue meters, notifying a user that an update to an existing firmware is available and providing the ability to automatically upload the current or latest version of the firmware to all IEDs.

In one aspect of the present disclose, a system is provided comprising: at least one fleet of intelligent electronic devices (IEDs); at least one client device including a firmware tracking and update module, the firmware tracking and update module configured to: track versions of firmware installed on each IED in the at least one fleet, determine which IEDs in the at least one fleet include firmware requiring an update, and update the firmware installed on any IEDs in the at least one fleet including firmware requiring an update.

In one aspect, the system further comprises a server including a server cache configured to store available firmware, wherein the firmware tracking and update module is configured to retrieve new versions of firmware from the server cache and use the retrieved firmware to update the firmware installed on the IEDs in the at least one fleet.

In one aspect, the system further comprises a firmware uploader configured to generate firmware packages and upload the generated firmware package to the server cache of the server.

In one aspect, the system further comprises, wherein the firmware tracking and update module includes a local cache, the firmware tracking and update module configured to store the retrieved firmware from the server cache in the local cache.

In one aspect, the system further comprises, wherein the firmware tracking and update module is configured to determine which IEDs in the at least one fleet include firmware requiring an update by comparing the firmware currently installed on each IED to the firmware stored in the local cache.

In one aspect, the system further comprises, wherein the firmware tracking and update module includes a syncing module configured to sync the firmware stored in the server cache with the firmware stored in the local cache.

In one aspect, the system further comprises, wherein the firmware tracking and update module is configured to maintain compatibility information indicating which types of IEDs the firmware stored in the local cache is compatible with.

In one aspect, the system further comprises, wherein the server cache is configured to store compatibility information indicating which types of IEDs the firmware stored in the server cache is compatible with.

In one aspect, the system further comprises, wherein the firmware tracking and update module includes a syncing module configured to sync the compatibility information stored in the server cache with the compatibility information stored in the local cache.

In one aspect, the system further comprises, wherein the firmware tracking and update module is configured to receive a firmware package from a user to trigger a manual update of at least one IED in the at least one fleet using the received firmware package.

In one aspect, the system further comprises, wherein the firmware tracking and update module is configured to notify a user of the at least one client device when a firmware update for any of the IEDs in the at least one fleet is available.

In one aspect, the system further comprises, wherein the firmware tracking and update module is configured to perform an audit of the firmware currently installed on the IEDs in the at least one fleet and any available updates for the IEDs in the at least one fleet and output the audit for display.

In one aspect, the system further comprises, wherein the firmware tracking and update module is configured to indicate in the audit if any of the IEDs in the at least one fleet are incompatible with a firmware update due to a hardware incompatibility.

In one aspect, the system further comprises, wherein the firmware tracking and update module is configured to track a history of firmware installed on each IED in the at least one fleet and output the history of firmware for display.

In one aspect, the system further comprises, wherein the firmware tracking and update module is configured to track a history of actions performed on the IEDs in the at least one fleet and output the history of actions for display.

In one aspect, the system further comprises, wherein the firmware tracking and update module is configured to enable a user to select which IEDs are included in the at least one fleet.

BRIEF DESCRIPTION OF THE DRAWINGS

These and other objects, features and advantages of the present disclosure will be apparent from a consideration of the following Detailed Description considered in conjunction with the drawing Figures, in which:

FIG. 1 is a block diagram of an intelligent electronic device (IED), according to an embodiment of the present disclosure.

FIGS. 2A-2H illustrate exemplary form factors for an intelligent electronic device (IED) in accordance with an embodiment of the present disclosure.

FIG. 3 illustrates an environment in which the present disclosure may be utilized.

FIG. 4 is a block diagram of a web server power quality and revenue meter, according to an embodiment of the present disclosure.

FIG. 5 is a functional block diagram of the processor of the web server power quality and revenue meter system shown in FIG. 4 , according to the embodiment of the present invention.

FIG. 6 illustrates another environment in which the present disclosure may be utilized.

FIG. 7 is a flow chart illustrating a method for communicating data from an IED on an internal network to a server on an external network through a firewall.

FIG. 8 illustrates yet another environment in which the present disclosure may be utilized.

FIG. 9 illustrates a further environment in which the present disclosure may be utilized.

FIG. 10 illustrates a system architecture of an intelligent electronic device in accordance with an embodiment of present disclosure;

FIG. 11 is a block diagram of an intelligent electronic device in accordance with an embodiment of present disclosure;

FIG. 12 is a block diagram of a common data interface of an intelligent electronic device in accordance with an embodiment of present disclosure;

FIG. 13A illustrates use of a configuration file or map in conjunction with the common data interface shown in FIG. 12 in accordance with an embodiment of present disclosure;

FIG. 13B illustrates a method for buffering data in an intelligent electronic device in accordance with an embodiment of the present disclosure;

FIG. 14 illustrates a plurality of application modules of an intelligent electronic device in accordance with an embodiment of present disclosure;

FIG. 15A illustrates a network discovery feature of an intelligent electronic device in accordance with an embodiment of present disclosure;

FIG. 15B illustrates a network discovery feature of an intelligent electronic device in accordance with another embodiment of present disclosure;

FIG. 16 illustrates a replication feature of an intelligent electronic device in accordance with an embodiment of present disclosure;

FIG. 17 is a method for replicating data/setting of an intelligent electronic device in accordance with an embodiment of present disclosure;

FIG. 18 illustrates a logging or storage feature of an intelligent electronic device in accordance with an embodiment of present disclosure;

FIG. 19 is a flow chart illustrating a method for combining data of an intelligent electronic device in accordance with an embodiment of present disclosure;

FIG. 20 illustrates combining records of a data table of an intelligent electronic device in accordance with an embodiment of present disclosure;

FIG. 21A illustrates a file structure on a remote update server in accordance with an embodiment of the present disclosure;

FIG. 21B illustrates a file structure on an intelligent electronic device in accordance with an embodiment of the present disclosure;

FIG. 22 is a flowchart of an exemplary method of a package install in accordance with an embodiment of the present disclosure;

FIG. 23 illustrates an automated firmware tracking and update system in accordance with an embodiment of the present disclosure;

FIG. 24 illustrates two applications of the system of FIG. 23 in accordance with an embodiment of the present disclosure;

FIG. 25 illustrates a block diagram of the system of FIG. 23 including the applications of FIG. 24 in accordance with an embodiment of the present disclosure;

FIG. 26 illustrates the cache of a firmware tracking and update module in accordance with an embodiment of the present disclosure;

FIG. 27 illustrates the composition of the cache with compatibility set relations in accordance with an embodiment of the present disclosure;

FIG. 28 illustrates the chaining of various hardware compatibility sets in accordance with an embodiment of the present disclosure;

FIG. 29 illustrates a method in accordance with an embodiment of the present disclosure;

FIG. 30 illustrates a method in accordance with an embodiment of the present disclosure;

FIG. 31 illustrates a relationship between a firmware uploader, a server, and the firmware tracking and update module of the system of FIG. 23 in accordance with an embodiment of the present disclosure;

FIG. 32 illustrates the interaction between the firmware tracking and update module and a server of the system of FIG. 23 in accordance with an embodiment of the present disclosure;

FIG. 33 illustrates a method in accordance with an embodiment of the present disclosure;

FIG. 34 illustrates a user interface of a package builder of the system of FIG. 23 in accordance with an embodiment of the present disclosure;

FIG. 35 illustrates a user interface of a compatibility set editor of the system of FIG. 23 in accordance with an embodiment of the present disclosure;

FIG. 36 illustrates interactions between a package builder and a package builder tool of the system of FIG. 23 in accordance with an embodiment of the present disclosure;

FIG. 37 illustrates a user interface of the package builder of the system of FIG. 23 in accordance with an embodiment of the present disclosure;

FIG. 38 illustrates a method in accordance with an embodiment of the present disclosure;

FIG. 39 illustrates the package builder of the system of FIG. 23 performing various functions in accordance with an embodiment of the present disclosure;

FIG. 40 illustrates a user interface of a package manager of the system of FIG. 23 in accordance with an embodiment of the present disclosure;

FIG. 41 illustrates a user interface of an option menu of the package manage of the system of FIG. 23 in accordance with an embodiment of the present disclosure;

FIG. 42 illustrates several features of the firmware tracking and update module of the system of FIG. 23 in accordance with an embodiment of the present disclosure;

FIG. 43 illustrates a method in accordance with an embodiment of the present disclosure;

FIG. 44 illustrates a firmware tracker of the system of FIG. 23 in accordance with an embodiment of the present disclosure;

FIG. 45 illustrates a user interface for a local cache report of the system of FIG. 23 in accordance with an embodiment of the present disclosure;

FIG. 46 illustrates a user interface for a meter audit of the system of FIG. 23 in accordance with an embodiment of the present disclosure;

FIG. 47 illustrates several features of a firmware updater of the firmware tracking and update module of the system of FIG. 23 in accordance with an embodiment of the present disclosure;

FIG. 48 illustrates a process for uploading a firmware to a meter using the system of FIG. 23 in accordance with an embodiment of the present disclosure;

FIG. 49 illustrates a meter action history feature in accordance with an embodiment of the present disclosure;

FIG. 50 illustrates a user interface for a meter configuration screen in accordance with an embodiment of the present disclosure; and

FIG. 51 is a block diagram of an exemplary client device in accordance with an embodiment of the present disclosure.

DETAILED DESCRIPTION

Embodiments of the present disclosure will be described herein below with reference to the accompanying drawings. In the following description, well-known functions or constructions are not described in detail to avoid obscuring the present disclosure in unnecessary detail. The word “exemplary” is used herein to mean “serving as an example, instance, or illustration.” Any configuration or design described herein as “exemplary” is not necessarily to be construed as preferred or advantageous over other configurations or designs. Herein, the phrase “coupled” is defined to mean directly connected to or indirectly connected with through one or more intermediate components. Such intermediate components may include both hardware and software based components.

It is further noted that, unless indicated otherwise, all functions described herein may be performed in either hardware or software, or some combination thereof. In one embodiment, however, the functions are performed by at least one processor, such as a computer or an electronic data processor, digital signal processor or embedded micro-controller, in accordance with code, such as computer program code, software, and/or integrated circuits that are coded to perform such functions, unless indicated otherwise.

It should be appreciated that the present disclosure can be implemented in numerous ways, including as a process, an apparatus, a system, a device, a method, or a computer readable medium such as a computer readable storage medium or a computer network where program instructions are sent over optical or electronic communication links.

Embodiments of the present disclosure will be described herein below with reference to the accompanying drawings.

As used herein, intelligent electronic devices (“IEDs”) sense electrical parameters and compute data and can be any device including, but not limited to, Programmable Logic Controllers (“PLC's”), Remote Terminal Units (“RTU's”), electric power meters, panel meters, protective relays, fault recorders, phase measurement units, serial switches, smart input/output devices and other devices which are coupled with power distribution networks to manage and control the distribution and consumption of electrical power. A meter is a device that records and measures power events, power quality, current, voltage waveforms, harmonics, transients and other power disturbances. Revenue accurate meters (“revenue meter”) relate to revenue accuracy electrical power metering devices with the ability to detect, monitor, report, quantify and communicate power quality information about the power that they are metering.

FIG. 1 is a block diagram of an intelligent electronic device (IED) 10 for monitoring and determining power usage and power quality for any metered point within a power distribution system and for providing a data transfer system for faster and more accurate processing of revenue and waveform analysis.

The IED 10 of FIG. 1 includes a plurality of sensors 12 coupled to various phases A, B, C and neutral N of an electrical distribution system 11, a plurality of analog-to-digital (A/D) converters 14, including inputs coupled to the sensor 12 outputs, a power supply 16, a volatile memory 18, a non-volatile memory 20, a multimedia user interface 22, and a processing system that includes at least one central processing unit (CPU) 50 (or host processor) and one or more digital signal processors, two of which are shown, i.e., DSP1 60 and DSP2 70. The IED 10 also includes a Field Programmable Gate Array 80 which performs a number of functions, including, but not limited to, acting as a communications gateway for routing data between the various processors 50, 60, 70, receiving data from the A/D converters 14 performing transient detection and capture and performing memory decoding for CPU 50 and the DSP processor 60. In one embodiment, the FPGA 80 is internally comprised of two dual port memories to facilitate the various functions. It is to be appreciated that the various components shown in FIG. 1 are contained within housing 90. Exemplary housings will be described below in relation to FIGS. 2A-2H.

The plurality of sensors 12 sense electrical parameters, e.g., voltage and current, on incoming lines, (i.e., phase A, phase B, phase C, neutral N), from an electrical power distribution system 11 e.g., an electrical circuit. In one embodiment, the sensors 12 will include current transformers and potential transformers, wherein one current transformer and one voltage transformer will be coupled to each phase of the incoming power lines. A primary winding of each transformer will be coupled to the incoming power lines and a secondary winding of each transformer will output a voltage representative of the sensed voltage and current. The output of each transformer will be coupled to the A/D converters 14 configured to convert the analog output voltage from the transformer to a digital signal that can be processed by the CPU 50, DSP1 60, DSP2 70, FPGA 80 or any combination thereof.

A/D converters 14 are respectively configured to convert an analog voltage output to a digital signal that is transmitted to a gate array, such as Field Programmable Gate Array (FPGA) 80. The digital signal is then transmitted from the FPGA 80 to the CPU 50 and/or one or more DSP processors 60, 70 to be processed in a manner to be described below.

The CPU 50 or DSP Processors 60, 70 are configured to operatively receive digital signals from the A/D converters 14 (see FIG. 1 ) to perform calculations necessary to determine power usage and to control the overall operations of the IED 10. In some embodiments, CPU 50, DSP1 60 and DSP2 70 may be combined into a single processor, serving the functions of each component. In some embodiments, it is contemplated to use an Erasable Programmable Logic Device (EPLD) or a Complex Programmable Logic Device (CPLD) or any other programmable logic device in place of the FPGA 80. In some embodiments, the digital samples, which are output from the A/D converters 14, are sent directly to the CPU 50 or DSP processors 60, 70, effectively bypassing the FPGA 80 as a communications gateway.

The power supply 16 provides power to each component of the IED 10. In one embodiment, the power supply 16 is a transformer with its primary windings coupled to the incoming power distribution lines and having windings to provide a nominal voltage, e.g., 5 VDC, +12 VDC and −12 VDC, at its secondary windings. In other embodiments, power may be supplied from an independent power source to the power supply 16. For example, power may be supplied from a different electrical circuit or an uninterruptible power supply (UPS).

In one embodiment, the power supply 16 can be a switch mode power supply in which the primary AC signal will be converted to a form of DC signal and then switched at high frequency, such as, for example, 100 Khz, and then brought through a transformer to step the primary voltage down to, for example, 5 Volts AC. A rectifier and a regulating circuit would then be used to regulate the voltage and provide a stable DC low voltage output. Other embodiments, such as, but not limited to, linear power supplies or capacitor dividing power supplies are also contemplated.

The multimedia user interface 22 is shown coupled to the CPU 50 in FIG. 1 for interacting with a user and for communicating events, such as alarms and instructions to the user. The multimedia user interface 22 may include a display for providing visual indications to the user. The display may be embodied as a touch screen, a liquid crystal display (LCD), a plurality of LED number segments, individual light bulbs or any combination. The display may provide information to the user in the form of alpha-numeric lines, computer-generated graphics, videos, animations, etc. The multimedia user interface 22 further includes a speaker or audible output means for audibly producing instructions, alarms, data, etc. The speaker is coupled to the CPU 50 via a digital-to-analog converter (D/A) for converting digital audio files stored in a memory 18 or non-volatile memory 20 to analog signals playable by the speaker. An exemplary interface is disclosed and described in commonly owned pending U.S. application Ser. No. 11/589,381, entitled “POWER METER HAVING AUDIBLE AND VISUAL INTERFACE”, which claims priority to expired U.S. Provisional Patent Appl. No. 60/731,006, filed Oct. 28, 2005, the contents of which are hereby incorporated by reference in their entireties.

The IED 10 will support various file types including but not limited to Microsoft Windows Media Video files (.wmv), Microsoft Photo Story files (.asf), Microsoft Windows Media Audio files (.wma), MP3 audio files (.mp3), JPEG image files (.jpg, .jpeg, .jpe, .jfif), MPEG movie files (.mpeg, .mpg, .mpe, .m1v, .mp2v .mpeg2), Microsoft Recorded TV Show files (.dvr-ms), Microsoft Windows Video files (.avi) and Microsoft Windows Audio files (.wav).

The IED 10 further comprises a volatile memory 18 and a non-volatile memory 20. In addition to storing audio and/or video files, volatile memory 18 will store the sensed and generated data for further processing and for retrieval when called upon to be displayed at the IED 10 or from a remote location. The volatile memory 18 includes internal storage memory, e.g., random access memory (RAM), and the non-volatile memory 20 includes removable memory such as magnetic storage memory; optical storage memory, e.g., the various types of CD and DVD media; solid-state storage memory, e.g., a CompactFlash card, a Memory Stick, SmartMedia card, MultiMediaCard (MMC), SD (Secure Digital) memory; or any other memory storage that exists currently or will exist in the future. By utilizing removable memory, an IED can be easily upgraded as needed. Such memory will be used for storing historical trends, waveform captures, event logs including time-stamps and stored digital samples for later downloading to a client application, web-server or PC application.

In a further embodiment, the IED 10 will include a communication device 24, also know as a network interface, for enabling communications between the IED or meter, and a remote terminal unit, programmable logic controller and other computing devices, microprocessors, a desktop computer, laptop computer, other meter modules, etc. The communication device 24 may be a modem, network interface card (NIC), wireless transceiver, etc. The communication device 24 will perform its functionality by hardwired and/or wireless connectivity. The hardwire connection may include but is not limited to hard wire cabling e.g., parallel or serial cables, RS232, RS485, USB cable, Firewire (1394 connectivity) cables, Ethernet, and the appropriate communication port configuration. The wireless connection will operate under any of the various wireless protocols including but not limited to Bluetooth™ interconnectivity, infrared connectivity, radio transmission connectivity including computer digital signal broadcasting and reception commonly referred to as Wi-Fi or 802.11.X (where x denotes the type of transmission), satellite transmission or any other type of communication protocols, communication architecture or systems currently existing or to be developed for wirelessly transmitting data including spread spectrum 900 MHz, or other frequencies, Zigbee, WiFi, or any mesh enabled wireless communication.

The IED 10 may communicate to a server or other computing device via the communication device 24. The IED 10 may be connected to a communications network, e.g., the Internet, by any means, for example, a hardwired or wireless connection, such as dial-up, hardwired, cable, DSL, satellite, cellular, PCS, wireless transmission (e.g., 802.11a/b/g), etc. It is to be appreciated that the network may be a local area network (LAN), wide area network (WAN), the Internet or any network that couples a plurality of computers to enable various modes of communication via network messages. Furthermore, the server will communicate using various protocols such as Transmission Control Protocol/Internet Protocol (TCP/IP), File Transfer Protocol (FTP), Hypertext Transfer Protocol (HTTP), etc. and secure protocols such as Hypertext Transfer Protocol Secure (HTTPS), Internet Protocol Security Protocol (IPSec), Point-to-Point Tunneling Protocol (PPTP), Secure Sockets Layer (SSL) Protocol, etc. The server will further include a storage medium for storing a database of instructional videos, operating manuals, etc., the details of which will be described in detail below.

In an additional embodiment, the IED 10 will also have the capability of not only digitizing waveforms, but storing the waveform and transferring that data upstream to a central computer, e.g., a remote server, when an event occurs such as a voltage surge or sag or a current short circuit. This data will be triggered and captured on an event, stored to memory, e.g., non-volatile RAM, and additionally transferred to a host computer within the existing communication infrastructure either immediately in response to a request from a remote device or computer to receive said data in response to a polled request. The digitized waveform will also allow the CPU 50 to compute other electrical parameters such as harmonics, magnitudes, symmetrical components and phasor analysis. Using the harmonics, the IED 10 will also calculate dangerous heating conditions and can provide harmonic transformer derating based on harmonics found in the current waveform.

In a further embodiment, the IED 10 will execute an e-mail client and will send e-mails to the utility or to the customer direct on an occasion that a power quality event occurs. This allows utility companies to dispatch crews to repair the condition. The data generated by the meters are use to diagnose the cause of the condition. The data is transferred through the infrastructure created by the electrical power distribution system. The email client will utilize a POP3 or other standard mail protocol. A user will program the outgoing mail server and email address into the meter. An exemplary embodiment of said metering is available in U.S. Pat. No. 6,751,563, which all contents thereof are incorporated by reference herein.

The techniques of the present disclosure can be used to automatically maintain program data and provide field wide updates upon which IED firmware and/or software can be upgraded. An event command can be issued by a user, on a schedule or by digital communication that will trigger the IED 10 to access a remote server and obtain the new program code. This will ensure that program data will also be maintained allowing the user to be assured that all information is displayed identically on all units.

It is to be understood that the present disclosure may be implemented in various forms of hardware, software, firmware, special purpose processors, or a combination thereof. The IED 10 also includes an operating system and micro instruction code. The various processes and functions described herein may either be part of the micro instruction code or part of an application program (or a combination thereof) which is executed via the operating system.

It is to be further understood that because some of the constituent system components and method steps depicted in the accompanying figures may be implemented in software, or firmware, the actual connections between the system components (or the process steps) may differ depending upon the manner in which the present disclosure is programmed. Given the teachings of the present disclosure provided herein, one of ordinary skill in the related art will be able to contemplate these and similar implementations or configurations of the present disclosure.

Furthermore, it is to be appreciated that the components and devices of the IED 10 of FIG. 1 may be disposed in various housings depending on the application or environment. For example, the IED 10 may be configured as a panel meter 900 as shown in FIGS. 2A and 2B. The panel meter 900 of FIGS. 2A and 2B is described in more detail in commonly owned U.S. Pat. No. 7,271,996, the contents of which are hereby incorporated by reference in its entirety. As seen in FIGS. 2A and 2B, the IED 900 includes a housing 902 defining a front surface 902 a, a rear surface 902 b, a top surface 902 c, a bottom surface 902 d, a right side surface 902 e, and a left side surface (not shown). Electrical device 900 includes a face plate 904 operatively connected to front surface 902 a of housing 902. Face plate 904 includes displays 906, indicators 908 (e.g., LEDs and the like), buttons 910, and the like providing a user with an interface for visualization and operation of electrical device 100. For example, as seen in FIG. 2A, face plate 904 of electrical device 900 includes analog and/or digital displays 906 capable of producing alphanumeric characters. Face plate 904 includes a plurality of indicators 908 which, when illuminated, indicate to the user the “type of reading”, the “% of load bar”, the “parameter designation” which indicates the reading which is being displayed on displays 906, a “scale selector” (e.g., Kilo or Mega multiplier of Displayed Readings), etc. Face plate 904 includes a plurality of buttons 910 (e.g., a “menu” button, an “enter” button, a “down” button, a “right” button, etc.) for performing a plurality of functions, including but not limited to: viewing of meter information; entering display modes; configuring parameters; performing re-sets; performing LED checks; changing settings; viewing parameter values; scrolling parameter values; and viewing limit states. The housing 902 includes voltage connections or inputs 912 provided on rear surface 902 b thereof, and current inputs 914 provided along right side surface 902 e thereof. The IED 900 may include a first interface or communication port 916 for connection to a master and/or slave device. Desirably, first communication port 916 is situated in rear surface 902 b of housing 902. IED 900 may also include a second interface or communication port 918 situated on face plate 904.

In other embodiment, the IED 10 may be configured as a socket meter 920, also known as a S-base type meter or type S meter, as shown in FIG. 2C an 2D. The socket meter 920 of FIGS. 2C and 2D is described in more detail in commonly owned application Ser. No. 12/578,062 (U.S. Publication No. 2010/0090680), the contents of which are hereby incorporated by reference. Referring to FIGS. 2C and 2D, the meter 920 includes a main housing 922 surrounded by a cover 924. The cover 924 is preferably made of a clear material to expose a display 926 disposed on the main body 922. An interface 928 to access the display and a communication port 930 is also provided and accessible through the cover 924. The meter 920 further includes a plurality of current terminals 932 and voltage terminals 934 disposed on backside of the meter extending through a base 935. The terminals 932, 934 are designed to mate with matching jaws of a detachable meter-mounting device, such as a revenue meter socket. The socket is hard wired to the electrical circuit and is not meant to be removed. To install an S-base meter, the utility need only plug in the meter into the socket. Once installed, a socket-sealing ring 936 is used as a seal between the meter 920 and/or cover 924 and the meter socket to prevent removal of the meter and to indicate tampering with the meter.

In a further embodiment, the IED 10 of FIG. 1 may be disposed in a switchboard or draw-out type housing 940 as shown in FIGS. 2E and 2F, where FIG. 2E is a front view and FIG. 2F is a rear view. The switchboard enclosure 942 usually features a cover 944 with a transparent face 946 to allow the meter display 948 to be read and the user interface 950 to be interacted with by the user. The cover 944 also has a sealing mechanism (not shown) to prevent unauthorized access to the meter. A rear surface 952 of the switchboard enclosure 942 provides connections for voltage and current inputs 954 and for various communication interfaces 956. Although not shown, the meter disposed in the switchboard enclosure 942 may be mounted on a draw-out chassis which is removable from the switchboard enclosure 942. The draw-out chassis interconnects the meter electronics with the electrical circuit. The draw-out chassis contains electrical connections which mate with matching connectors 954, 956 disposed on the rear surface 952 of the enclosure 942 when the chassis is slid into place.

In yet another embodiment, the IED 10 of FIG. 1 may be disposed in an A-base or type A housing as shown in FIGS. 2G and 2H. A-base meters 960 feature bottom connected terminals 962 on the bottom side of the meter housing 964. These terminals 962 are typically screw terminals for receiving the conductors of the electric circuit (not shown). A-base meters 960 further include a meter cover 966, meter body 968, a display 970 and input/output means 972. Further, the meter cover 966 includes an input/output interface 974. The cover 966 encloses the meter electronics 968 and the display 970. The cover 966 has a sealing mechanism (not shown) which prevents unauthorized tampering with the meter electronics.

It is to be appreciated that other housings and mounting schemes, e.g., circuit breaker mounted, are contemplated to be within the scope of the present disclosure.

FIG. 3 illustrates an exemplary environment 100 in which the present disclosure may be practiced. The network 120 may be the Internet, a public or private intranet, an extranet, wide area network (WAN), local area network (LAN) or any other network configuration to enable transfer of data and commands. An example network configuration uses the Transport Control Protocol/Internet Protocol (“TCP/IP”) network protocol suite; however, other Internet Protocol based networks are contemplated by the present disclosure. Communications may also include IP tunneling protocols such as those that allow virtual private networks coupling multiple intranets or extranets together via the Internet. The network 120 may support existing or envisioned application protocols, such as, for example, telnet, POPS, Mime, HTTP, HTTPS, PPP, TCP/IP, SMTP, proprietary protocols, or any other network protocols. During operation, the IED 110 may communicate using the network 120 as will be hereinafter discussed.

It is to be appreciated that there are at least two basic types of networks, based on the communication patterns between the machines: client/server networks and peer-to-peer networks. On a client/server network, every computer, device or IED has a distinct role: that of either a client or a server. A server is designed to share its resources among the client computers on the network. A dedicated server computer often has faster processors, more memory, and more storage space than a client because it might have to service dozens or even hundreds of users at the same time.

High-performance servers typically use from two to eight processors (which does not include multi-core CPUs), have many gigabytes of memory installed, and have one or more server-optimized network interface cards (NICs), RAID (Redundant Array of Independent Drives) storage consisting of multiple drives, and redundant power supplies. Servers often run a special network OS—such as Windows Server, Linux, or UNIX—that is designed solely to facilitate the sharing of its resources. These resources can reside on a single server or on a group of servers. When more than one server is used, each server can “specialize” in a particular task (file server, print server, fax server, email server, and so on) or provide redundancy (duplicate servers) in case of server failure. For demanding computing tasks, several servers can act as a single unit through the use of parallel processing. A client device typically communicates only with servers, not with other clients. A client system is a standard PC that is running an OS such as Windows. Current operating systems contain client software that enables the client computers to access the resources that servers share. Older operating systems, such as Windows 3.x and DOS, required add-on network client software to join a network. By contrast, on a peer-to-peer network, every computer or device is equal and can communicate with any other computer or device on the network to which it has been granted access rights. Essentially, every computer or device on a peer-to-peer network can function as both a server and a client; any computer or device on a peer-to-peer network is considered a server if it shares a printer, a folder, a drive, or some other resource with the rest of the network. Note that the actual networking hardware (interface cards, cables, and so on) is the same in both client/server networks and peer-to-peer networks. Only the logical organization, management, and control of the networks vary.

The PC client 102 may comprise any computing device, such as a server, mainframe, workstation, personal computer, hand held computer, laptop telephony device, network appliance, other IED, Programmable Logic Controller, Power Meter, Protective Relay etc. The PC client 102 includes system memory 104, which may be implemented in volatile and/or non-volatile devices. One or more client applications 106, which may execute in the system memory 104, are provided. Such client applications may include, for example, FTP client applications. File Transfer Protocol (FTP) is an application for transfer of files between computers attached to Transmission Control Protocol/Internet Protocol (TCP/IP) networks, including the Internet. FTP is a “client/server” application, such that a user runs a program on one computer system, the “client”, which communicates with a program running on another computer system, the “server”. Additionally, user interfaces 108 may be included for displaying system configuration, retrieved data and diagnostics associated with the IED 110.

The intelligent electronic device (IED) 110, in one embodiment, is comprised of at least an FTP Server 131 including a Virtual Command File Processor 133, a File System and Driver 135, a non-volatile memory 137 and a virtual data store 139. Of course, the IED 110 may contain other hardware/software for performing functions associated with the IED; however, many of these functions have been described above with respect to FIG. 1 and will therefore not be further discussed.

IED 110 runs the FTP Server 131 as an independent process in the operating system, allowing it to function independently of the other running processes. Additionally, it allows for multiple connections, using the port/socket architecture of TCP/IP.

By running the FTP Server 131 as an independent process, this means that other systems, such as a Modbus TCP handler, can run on IED 110 concurrently with the FTP Server 131. This also means that multiple FTP connections can be made with the only limitation being the system's available resources.

The FTP Server 131 provides access to the file system 135 of the IED 110 on the standard FTP port (port 21). When a connection is made, PC client 102 sends an FTP logon sequence, which includes a USER command and a PASS command. The PC client 102 then interacts with the IED 110, requesting information and writing files, ending in a logout.

The FTP Server 131 uses two ports for all actions. The first port 21, is a clear ASCII telnet channel, and is called the command channel. The second port, which can have a different port number in different applications, is initiated whenever it is necessary to transfer data in clear binary, and is called the data channel.

The virtual data store 139 is an ideal storage medium for files that are written to very frequently, such as, for example, status information, diagnostics, and virtual command files. In contrast to these types of files are files which require more long term storage, such as, for example, logs, settings, and configurations, more suitably stored using a compact flash drive.

The File Transfer Protocol (FTP) (Port 21) is a network protocol used to transfer data from one computer to another through a network, such as over the Internet. FTP is a commonly used protocol for exchanging files over any TCP/IP based network to manipulate files on another computer on that network regardless of which operating systems are involved (if the computers permit FTP access). There are many existing FTP client and server programs. FTP servers can be set up anywhere between game servers, voice servers, internet hosts, and other physical servers.

FTP runs exclusively over TCP. FTP servers by default listen on port 21 for incoming connections from FTP clients. A connection to this port from the FTP Client forms the control stream on which commands are passed to the FTP server from the FTP client and on occasion from the FTP server to the FTP client. FTP uses out-of-band control, which means it uses a separate connection for control and data. Thus, for the actual file transfer to take place, a different connection is required which is called the data stream. Depending on the transfer mode, the process of setting up the data stream is different.

In active mode, the FTP client opens a dynamic port (for example, 49152-65535), sends the FTP server the dynamic port number on which it is listening over the control stream and waits for a connection from the FTP server. When the FTP server initiates the data connection to the FTP client it binds the source port to port 20 on the FTP server.

To use active mode, the client sends a PORT command, with the IP and port as argument. The format for the IP and port is “h1,h2,h3,h4,p1,p2”. Each field is a decimal representation of 8 bits of the host IP, followed by the chosen data port. For example, a client with an IP of 192.168.0.1, listening on port 49154 for the data connection will send the command “PORT 192,168,0,1,192,2”. The port fields should be interpreted as p1×256+p2=port, or, in this example, 192×256+2=49154.

In passive mode, the FTP server opens a dynamic port (49152-65535), sends the FTP client the server's IP address to connect to and the port on which it is listening (a 16 bit value broken into a high and low byte, like explained before) over the control stream and waits for a connection from the FTP client. In this case the FTP client binds the source port of the connection to a dynamic port between 49152 and 65535.

To use passive mode, the client sends the PASV command to which the server would reply with something similar to “227 Entering Passive Mode (127,0,0,1,192,52)”. The syntax of the IP address and port are the same as for the argument to the PORT command.

In extended passive mode, the FTP server operates exactly the same as passive mode, except that it only transmits the port number (not broken into high and low bytes) and the client is to assume that it connects to the same IP address that it was originally connected to.

The objectives of FTP are to promote sharing of files (computer programs and/or data), to encourage indirect or implicit use of remote computers, to shield a user from variations in file storage systems among different hosts and to transfer data reliably, and efficiently.

In one embodiment of the present disclosure, the IED 110 has the ability to provide an external PC client 102 with an improved data transfer rate when making data download requests of data stored within an IED. This is achieved by configuring the IED 110 to include an FTP server 131 including a Virtual Command File Processor 133. An improved data transfer rate from the IED 110 may be realized by the external PC client 102 issuing virtual commands to the IED 110. In response, the IED 110 processes the received virtual commands in the Virtual Command File processor 133 to construct FTP commands therefrom to be applied to a novel file system 135 of the IED 110, coupled to the FTP server 131, wherein the novel file system 135 is configured as a PC file structure amenable to receiving and responding to the constructed FTP commands. The Virtual command files and the novel file system 135 are discussed in greater detail in co-pending application Ser. No. 12/061,979.

While FTP file transfer comprises one embodiment for encapsulating files to improve a data transfer rate from an IED to external PC clients, the present disclosure contemplates the use of other file transfer protocols, such as the Ethernet protocol such as HTTP or TCP/IP for example. Of course, other Ethernet protocols are contemplated for use by the present disclosure. For example, for the purpose of security and firewall access, it may be preferable to utilize HTTP file encapsulation as opposed to sending the data via FTP. In other embodiments, data can be attached as an email and sent via SMTP, for example. Such a system is described in a co-owned U.S. Pat. No. 6,751,563, titled “Electronic Energy meter”, the contents of which are incorporated herein by reference. In the U.S. Pat. No. 6,751,563, at least one processor of the IED or meter is configured to collect the at least one parameter and generate data from the sampled at least one parameter, wherein the at least one processor is configured to act as a server for the IED or meter and is further configured for presenting the collected and generated data in the form of web pages.

With reference to U.S. Pat. No. 6,751,563, FIG. 4 is a block diagram of a web server power quality and revenue meter 210. The meter is connected to monitor electric distribution power lines (not shown), to monitor voltage and current at the point of connection. Included therein is digital sampler 220 for digitally sampling the voltage and current of the power being supplied to a customer or monitored at the point of the series connection in the power grid. Digital sampler 220 digitally samples the voltage and current and performs substantially similarly to the A/D converters 14 described above in relation to FIG. 1 . The digital samples are then forwarded to processor 230 for processing. It is to be appreciated that the processor 230 may be a single processing unit or a processing assembly including at least one CPU 50, DSP1 60, DSP2 70 and FPGA 80, or any combination thereof. Also connected to processor 230 is external device interface 240 for providing an interface for external devices 250 to connect to meter 210. These external devices might include other power meters, sub-station control circuitry, on/off switches, etc. Processor 230 receives data packets from digital sampler 220 and external devices 250, and processes the data packets according to user defined or predefined requirements. A memory 260 is connected to processor 230 for storing data packets and program algorithms, and to assist in processing functions of processor 230. These processing functions include the power quality data and revenue calculations, as well as formatting data into different protocols which will be described later in detail. Processor 230 provides processed data to network 280 through network interface 270. Network 280 can be the Internet, the World Wide Web (WWW), an intranet, a wide area network (WAN), or local area network (LAN), among others. In one embodiment, the network interface converts the data to an Ethernet TCP/IP format. The use of the Ethernet TCP/IP format allows multiple users to access the power meter 210 simultaneously. In a like fashion, network interface 270 might be comprised of a modem, cable connection, or other devices that provide formatting functions. Computers 290-292 are shown connected to network 280.

A web server program (web server) is contained in memory 260, and accessed through network interface 270. The web server 210 provides real time data through any known web server interface format. For example, popular web server interface formats consist of HTML and XML formats. The actual format of the programming language used is not essential to the present disclosure, in that any web server format can be incorporated herein. The web server provides a user friendly interface for the user to interact with the meter 210. The user can have various access levels to enter limits for e-mail alarms. Additionally, the user can be provided the data in multiple formats including raw data, bar graph, charts, etc. The currently used HTML or XML programming languages provide for easy programming and user friendly user interfaces.

The processor 230 formats the processed data into various network protocols and formats. The protocols and formats can, for example, consist of the web server HTML or XML formats, Modbus TCP, RS-485, FTP or e-mail. Dynamic Host Configuration Protocol (DHCP) can also be used to assign IP addresses. The network formatted data may then be available to users at computers 290-292 through network 280, which connects to meter 210 at the network interface 270. In one embodiment, network interface 270 is an Ethernet interface that supports, for example, 100 base-T or 10 base-T communications. This type of network interface can send and receive data packets between WAN connections and/or LAN connections and the meter 210. This type of network interface allows for situations, for example, where the web server 210 may be accessed by one user while another user is communicating via the Modbus TCP, and a third user may be downloading a stored data file via FTP. The ability to provide access to the meter by multiple users, simultaneously, is a great advantage over the prior art. This can allow for a utility company's customer service personnel, a customer and maintenance personnel to simultaneously and interactively monitor and diagnose possible problems with the power service.

FIG. 5 is a functional block diagram of processor 230 of the web server power quality and revenue meter system according to some embodiments of the present invention. Processor 230 is shown containing four main processing functions. The functions shown are illustrative and not meant to be inclusive of all possible functions performed by processor 230. Power Quality and Revenue Metering functions (metering functions) 310 consist of a complete set of functions which are needed for power quality and revenue metering. Packet data collected by digital sampler 220 is transmitted to processor 230. Processor 230 calculates, for example, power reactive power, apparent power, and power factor. The metering function 310 responds to commands via the network or other interfaces supported by the meter. External Device Routing Functions 330 handle the interfacing between the external device 250 and meter 210. Raw data from external device 250 is fed into meter 210. The external device 250 is assigned a particular address. If more than one external device is connected to meter 210, each device will be assigned a unique particular address. The Network Protocol Functions 350 of meter 210 are executed by processor 230 which executes multiple networking tasks that are running concurrently. As shown in FIG. 5 , these include, but are not limited to, the following network tasks included in network protocol functions 350: e-mail 360, web server 370, Modbus TCP 380, FTP 390, and DHCP 300. The e-mail 360 network protocol function can be utilized to send e-mail messages via the network 280 to a user to, for example, notify the user of an emergency situation or if the power consumption reaches a user-set or pre-set high level threshold. As the processor receives packets of data it identifies the network processing necessary for the packet by the port number associated with the packet. The processor 230 allocates the packet to a task as a function of the port number. Since each task is running independently, the meter 210 can accept different types of requests concurrently and process them transparently from each other. For example, the web server may be accessed by one user while another user is communicating via Modbus TCP and at the same time a third user may download a log file via FTP. The Network to Meter Protocol Conversion Functions 340 are used to format and protocol convert the different network protocol messages to a common format understood by the other functional sections of meter 210. After the basic network processing of the packet of data, any “commands” or data which are to be passed to other functional sections of meter 210 are formatted and protocol converted to a common format for processing by the Network to Meter Protocol Conversion Functions 340. Similarly, commands or data coming from the meter for transfer over the network are pre-processed by this function into the proper format before being sent to the appropriate network task for transmission over the network. In addition, this function first protocol converts and then routes data and commands between the meter and external devices.

Although the above described embodiments enable users outside of the network the IED or meter is residing on to access the internal memory or server of the IED or meter, IT departments commonly block this access through a firewall to avoid access by dangerous threats into corporate networks. A firewall is a system designed to prevent unauthorized access to or from a private network, e.g., an internal network of a building, a corporate network, etc. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria. A firewall may employ one or more of the following techniques to control the flow of traffic in and of the network it is protecting: 1) packet filtering: looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules; 2) Application gateway: applies security mechanisms to specific applications, such as FTP and Telnet servers; 3) Circuit-level gateway: applies security mechanisms when a TCP or UDP connection is established; once the connection has been made, packets can flow between the hosts without further checking; 4) Proxy server: intercepts all messages entering and leaving the network, effectively hides the true network addresses; and 5) Stateful inspection: does not examine the contents of each packet but instead compares certain key parts of the packet to a database of trusted information; if the comparison yields a reasonable match, the information is allowed through; otherwise it is discarded. Other techniques and to be developed techniques are contemplated to be within the scope of the present disclosure.

In one embodiment, the present disclosure provides for overcoming the problem of not being allowed firewall access to an IED or meter installed within a facility, i.e., the meter is residing on a private network, by enabling an IED to initiate one way communication through the firewall. In this embodiment, the IED or meter posts the monitored and generated data on an Internet site external to the corporate or private network, i.e., on the other side of a firewall. The benefit is that any user would be able to view the data on any computer or web enabled smart device without having to pierce or bypass the firewall. Additionally, there is a business opportunity to host this data on a web server and charge a user a monthly fee for hosting the data. The features of this embodiment can be incorporated into any telemetry application including vending, energy metering, telephone systems, medical devices and any application that requires remotely collecting data and posting it on to a public Internet web site.

In one embodiment, the IED or metering device will communicate through the firewall using a protocol such as HTTP via a port that is open through the firewall. Referring to FIG. 6 , IEDs or meters 410, 412 414 reside on an internal network 416, e.g., an intranet, private network, corporate network, etc. The internal network 416 is coupled to an external network 422, e.g., the Internet, via a router 420 or similar device over any known hardwire, fiber optic or wireless connection 421. A firewall 418 is disposed between the internal network 416 and external network 422 to prevent unauthorized access from outside the internal network 416 to the IEDs or meters 410, 412, 414. Although the firewall 418 is shown between the internal network 416 and the router 420 it is to be appreciated that other configurations are possible, for example, the firewall 418 being disposed between the router 420 and external network 422. In other embodiments, the firewall 418 and router 420 may be configured as a single device. It is further to be appreciated that firewall 418 can be implemented in both hardware and software, or a combination of both.

The communication device or network interface of the meter (as described above in relation to FIG. 1 ) will communicate through the firewall 418 and read a web site server 424. It is to be appreciated that the one way communication from the IED through the firewall may be enabled by various techniques, for example, by enabling outbound traffic to the IP address or domain name of the server 424 or by using a protocol that has been configured, via the firewall settings, to pass through the firewall such as HTTP (Hyper Text Transfer Protocol), IP (Internet Protocol), TCP (Transmission Control Protocol), FTP (File Transfer Protocol), UDP (User Datagram Protocol), ICMP (Internet Control Message Protocol), SMTP (Simple Mail Transport Protocol), SNMP (Simple Network Management Protocol), Telnet, etc. Alternatively, the IED may have exclusive access to a particular port on the firewall, which is unknown to other users on either the internal or external network. Other methods or techniques are contemplated, for example, e-mail, HTTP tunneling, SNTP trap, MSN, messenger, IRQ, Twitter™, Bulletin Board System (BBS), forums, Universal Plug and Play (UPnP), User Datagram Protocol (UDP) broadcast, UDP unicast, Virtual Private Networks (VPN), etc.

The server 424 will provide instructions in computer and/or human readable format to the IED or meter. For instance, the web server 424 might have XML tags that state in computer readable format to provide data for the last hour on energy consumption by 15 minute intervals.

The meter 410, 412, 414 will then read those instructions on that web server 424 and then post that data up on the server 424. In this manner, the IED or meter initiates communication in one direction, e.g., an outbound direction, to the server 424.

Another server (or possibly the same server) will read the data that the meter 410, 412, 414 posts and will format the meter data into data that can be viewed for humans on a web site or a software application, i.e., UI Server 426. Servers 424, 426 can also store the data in a database or perform or execute various control commands on the data. Clients 428 may access the IED data stored or posted on servers 424, 426 via a connection to the network 422.

Since the meters are only communicating in an outbound direction only, the meters 410, 412, 414 can read data or instructions from an external network application (e.g., server 424), but the external network application cannot request information directly from the meter. The server 424 posts the data or instructions on the web site and waits for the meter to check the site to see if there has been a new post, i.e., new instructions for the meter. The meter can be programmed at the user's discretion as to frequency for which the meter 410, 412, 414 exits out to the external network to view the postings.

The meter instruction server 424 will post instructions in a directory programmed/located on the server or into XML or in any fashion that the meter is configured to understand and then the meter will post whatever data it is instructed to do. The meter can also be configured to accomplish control commands. In addition to the meter instruction server 424, a user interface (UI) server 426 is provided that can be used to enable a user interface to the user. The user can provide input on the UI server 426 that might trigger the meter instruction server 424 to produce a message to control the energy next time the meter reads that server.

Referring to FIG. 7 , a method for communicating data from an IED on an internal network to a server on an external network through a firewall is illustrated. In step 452, the IED 410 communicates through the firewall 418 to a predetermined server 424 on an external network 422. The IED 410 may be programmed to periodically communicate to the server at predefined intervals. During this communication session, the IED 410 reads instructions disposed in a directory or folder on the predetermined server 424, step 454. Next, in step 456, the IED 410 collects data from its internal memory or generates data based on the read instructions. The IED 410 then transmits the data to the server 424 in a predetermined format, e.g., extensible markup language (XML), comma-separated value (CSV), etc., step 458. In step 460, the predetermined server 424 posts the received data on a web site accessible from the external network 422. The data may be posted on the server 424 or a UI (user interface) server 426 configured to provide data for end users, e.g., clients 428. It is to be appreciated that the UI server 426 may be configured to post data from several locations in one convenient interface for, for example, an organization managing the several locations. A provider of the servers 424, 426 may charge a fee to the end user for the hosting of the web site and providing the data in a convenient and accessible format.

In another embodiment, the IED or metering device will communicate through the firewall using a server 530 disposed on an internal network protected by a firewall. Referring to FIG. 8 , IEDs or meters 510, 512, 514 reside on an internal network 516, e.g., an intranet, private network, corporate network, etc. The internal network 516 is coupled to an external network 522, e.g., the Internet, via a router 520 or similar device over any known hardwire or wireless connection 521. A firewall 518 is disposed between the internal network 516 and external network 522 to prevent unauthorized access from outside the internal network 516 to the IEDs or meters 510, 512, 514. Although the firewall 518 is shown between the internal network 516 and the router 520 it is to be appreciated that other configurations are possible, for example, the firewall 518 being disposed between the router 520 and external network 522. In other embodiments, the firewall 518 and router 520 may be configured as a single device. It is further to be appreciated that firewall 518 can be implemented in both hardware and software, or a combination of both.

In this embodiment, server 530 aggregates data from the various IEDs 510, 512, 514 coupled to the internal or private network 516. Since the server 530 and the IEDs 510, 512, 514 are all on the same side of the firewall 518, generally communications and data transfers among the server 530 and the IEDs 510, 512, 514 is unrestricted. Server 530 then communicates or transfers the data from the IEDs to server 524 on the external network on the other side of the firewall 518. The communication between servers 530 and 524 may be accomplished by any one of the communication means or protocols described in the present disclosure. The server 524 then posts the data from the IEDs 510, 512, 514 making the data accessible to clients 528 on external networks, as described above.

In a further embodiment, the IED or metering device will communicate through the firewall using a server 630 disposed on an internal network protected by a firewall. Referring to FIG. 9 , IEDs or meters 610, 612, 614 reside on an internal network 616, e.g., an intranet, private network, corporate network, etc. The internal network 616 is coupled to an external network 622, e.g., the Internet, via a router 620 or similar device over any known hardwire or wireless connection 621. A firewall 618 is disposed between the internal network 516 and external network 622 to prevent unauthorized access from outside the internal network 616 to the IEDs or meters 610, 612, 614. Although the firewall 618 is shown between the internal network 616 and the router 620 it is to be appreciated that other configurations are possible, for example, the firewall 618 being disposed between the router 620 and external network 622. In other embodiments, the firewall 618 and router 620 may be configured as a single device. It is further to be appreciated that firewall 618 can be implemented in both hardware and software, or a combination of both.

In this embodiment, server 630 aggregates data from the various IEDs 610, 612, 614 coupled to the internal or private network 616. Since the server 630 and the IEDs 610, 612, 614 are all on the same side of the firewall 618, generally communications and data transfers among the server 630 and the IEDs 610, 612, 614 is unrestricted. Server 630 then communicates or transfers the data from the IEDs to clients 628 on the external network on the other side of the firewall 618. The communication between server 630 and clients 628 may be accomplished by any one of the communication means or protocols described in the present disclosure.

In another embodiment, each IED 610, 612, 614 may be configured to act as a server to perform the functionality described above obviating the need for server 630.

Furthermore in another embodiment, each IED 610, 612, 614 and each client device 628 may be configured as a server to create a peer-to-peer network, token ring or a combination of any such topology.

The systems and methods of the present disclosure may utilize one or more protocols and/or communication techniques including, but not limited to, e-mail, File Transfer Protocol (FTP), HTTP tunneling, SNTP trap, MSN, messenger, IRQ, Twitter™, Bulletin Board System (BBS), forums, Universal Plug and Play (UPnP), User Datagram Protocol (UDP) broadcast, UDP unicast, Virtual Private Networks (VPN), etc.

In one non-limiting embodiment, each IED sends data to a recipient via electronic mail, also known as email or e-mail. An Internet email message consists of three components, the message envelope, the message header, and the message body. The message header contains control information, including, minimally, an originator's email address and one or more recipient addresses. Usually descriptive information is also added, such as a subject header field and a message submission date/time stamp. Network-based email was initially exchanged on the ARPANET in extensions to the File Transfer Protocol (FTP), but is now carried by the Simple Mail Transfer Protocol (SMTP), first published as Internet standard 10 (RFC 821) in 1982. In the process of transporting email messages between systems, SMTP communicates delivery parameters using a message envelope separate from the message (header and body) itself. Messages are exchanged between hosts using the Simple Mail Transfer Protocol with software programs called mail transfer agents (MTAs); and delivered to a mail store by programs called mail delivery agents (MDAs, also sometimes called local delivery agents, LDAs). Users can retrieve their messages from servers using standard protocols such as POP or IMAP, or, as is more likely in a large corporate environment, with a proprietary protocol specific to Novell Groupwise, Lotus Notes or Microsoft Exchange Servers. Webmail interfaces allow users to access their mail with any standard web browser, from any computer, rather than relying on an email client. Programs used by users for retrieving, reading, and managing email are called mail user agents (MUAs). Mail can be stored on the client, on the server side, or in both places. Standard formats for mailboxes include Maildir and mbox. Several prominent email clients use their own proprietary format and require conversion software to transfer email between them. Server-side storage is often in a proprietary format but since access is through a standard protocol such as IMAP, moving email from one server to another can be done with any MUA supporting the protocol.

In one embodiment, the IED composes a message using a mail user agent (MUA). The IED enters the email address of a recipient and sends the message. The MUA formats the message in email format and uses the Submission Protocol (a profile of the Simple Mail Transfer Protocol (SMTP), see RFC 6409) to send the message to the local mail submission agent (MSA), for example, run by the IED's internet service provider (ISP). The MSA looks at the destination address provided in the SMTP protocol (not from the message header). An Internet email address is a string of the form “recipient@meter.” The part before the “@” symbol is the local part of the address, often the username of the recipient, and the part after the “@” symbol is a domain name or a fully qualified domain name. The MSA resolves a domain name to determine the fully qualified domain name of the mail exchange server in the Domain Name System (DNS). The DNS server for the domain responds with any MX records listing the mail exchange servers for that domain, for example, a message transfer agent (MTA) server run by the recipient's ISP. The MSA sends the message to MTA using SMTP. This server may need to forward the message to other MTAs before the message reaches the final message delivery agent (MDA). The MDA delivers it to the mailbox of the recipient. The recipient retrieves the message using either the Post Office Protocol (POP3) or the Internet Message Access Protocol (IMAP4).

Other types of e-mail systems may also be employed, for example, web-based email, POP3 (Post Office Protocol 3) email services, IMAP (Internet Message Protocol) e-mail servers, and MAPI (Messaging Application Programming Interface) email servers to name a few.

In a further embodiment, File Transfer Protocol (FTP) may be employed. Techniques for transferring data from an IED to a device is described in commonly owned pending U.S. patent application Ser. No. 12/061,979, the contents of which are incorporated by reference.

In one embodiment, IEDs employ Universal Plug and Play (UPnP) protocol, which is a set of networking protocols that permits networked devices to discover each other's presence, and notify clients of services available on these devices. UPnP takes the form of UDP broadcast messages, which are sent across a local network, to notify other devices of available services, and http requests to query the details of those devices and services.

In one embodiment, UPnP is employed to allow the network addresses of devices, such as meters, to automatically be discovered by a client. This enables the client software to display a list of all devices which are available. In addition, this could also allow the client software to enable the user to connect to these devices, without having to configure the network address of that device. In addition, the UPnP notify may be used to indicate the health status of the device, including starting up, running, errors in configuration, and resetting.

In another embodiment, UPnP is employed to allow devices, such as meters, to notify the clients of what services they support, such as Modbus, dnp, web, ftp, log download, and data streaming. This could be extended by including information particular to that service or protocol, such as to allow the client to interface with that service with no user input. This could enable the client software to display the device such that the user can focus on the details of the device, rather then worrying about the minutiae of connection information.

In another embodiment, an automated server is configured to perform actions related to these automatically discovered services, such as retrieving real time information, downloading logs, or registering for notification of events. For example, as shown in FIG. 8 , a server 530 could be on a network 516 to collect log information from meters 510, 512, 514, and whenever a meter broadcast that it provided log data, the server 530 could automatically collect that data from the meter. As another example, the server 530 could automatically poll and log the real-time readings of all meters on the network, automatically including them as they become available on the network. As described above, the server 530 may then post the data to server 524. Furthermore, the server 530 may automatically download new firmware, retrieve files and change or modify programmable settings in the meters 510, 512, 514.

In one embodiment, HTTP tunneling is employed to send a message (including the IED's or meter's data) to a server, which listens for such messages, and parses out the IED's or meter's data. This could be performed by embedding the meter's data in a HTTP message, which could be sent to the server, for example, server 424 as shown in FIG. 6 . The HTTP wrapper would allow this data to pass through firewalls which only allow web traffic. For example, in the architecture of FIG. 6 , IED 410 may send a HTTP message containing measured or calculated data through firewall 418 to server 424 or server 430. In another example as shown in FIG. 8 , server 530 may collect data from the various IEDs 510, 512, 514 and forward the collected data in a HTTP message through firewall 518 to server 524.

It is to be appreciated that HTTP tunneling applies to system architectures where a server is provided as the receiver of the IED or meter data, as the clients would be unable to process such information. Referring to FIG. 9 , server 630 is the destination (and collects) the messages generated from the various IEDs 610, 612, 614, but device 628 is a client, and without server software, would be unable to receive the messages. However, by programming device 628 with server software, the client device 628 becomes a server and can receive the messages.

It is further to be appreciated that the HTTP message can be sent based on various triggers including, but not limited to, time-based trigger, event-based trigger, storage capacity based trigger, etc.

In another embodiment, the IEDs can communicate through to devices using a Simple Network Management Protocol (SNMP) trap. SNMP traps enable an agent, e.g., an agent running on an IED, to notify a management station, e.g., a server, of significant events by way of an unsolicited SNMP message. Upon occurrence of an event, an agent that sends an unsolicited or asynchronous trap to the network management system (NMS), also known as a manager. After the manager receives the event, the manager displays it and can choose to take an action based on the event. For instance, the manager can poll the agent or IED directly, or poll other associated device agents to get a better understanding of the event. For the management system to understand a trap sent to it by an agent, the management system must know what the object identifier (OID) of the trap or message defines. Therefore, the management system or server must have the Management Information Base (MIB) for that trap loaded. This provides the correct OID information so that the network management system can understand the traps sent to it. Additionally, a device does not send a trap to a network management system unless it is configured to do so. A device must know that it should send a trap. The trap destination is usually defined by an IP address, but can be a host name, if the device is set up to query a Domain Name System (DNS) server.

Common chat protocols, such as MSN, AIM, IRQ, IRC, and Skype, could be used to send a message, containing the meter's data, to a public chat server, e.g., server 440, 540, 640, which could then route that message to any desired client. Another possible implementation could be to have a special client that listens for these messages, parses the data contents, and presents them as another manner. In one embodiment, the messages are proprietary format Ethernet messages, typically sent over TCP. It is to be appreciated that the actual format depends on the specific chat protocol.

A public social server that supports a common web interface for posting information, such as Twitter™, Facebook™, BBS's, could be used to post a status, containing the meter's data, to a user on the public social server for that service, e.g., server 440, 540, 640. This post could then be viewed by the clients to see the meter's data, or read by another server for further parsing and presentation. The data could be formatted as human readable text (e.g., “The voltage is 120.2v”), as machine parsable text (e.g., “voltage.an=120.2”), hex representing binary data (e.g., “0152BF5E”). The HTTP interface could be used, which would work the same way as users updating it from their browser (HTTP push). Some of these servers also provide a proprietary format Ethernet message, typically sent over TCP.

In one non-limiting example, a public social server such as the system employed by Facebook may be utilized to post the IEDs data so the data is accessible on the external network outside of the firewall. Facebook uses a variety of services, tools and programming languages to make up its infrastructure which may be employed in the systems and methods of the present disclosure to implement the technique described herein. In the front end, the servers run a LAMP (Linux, Apache, MySQL and PHP) stack with Memcache. Linux is a Unix-like operating system kernel. It is open source, highly customizable, and good for security. Facebook's server runs the Linux operating system Apache HTTP server. For the database, Facebook uses MySQL for its speed and reliability. MySQL is used primarily as a key store of value when the data are randomly distributed among a large number of cases logical. These logical instances extend across physical nodes and load balancing is done at physical node. Facebook uses PHP, since it is a good web programming language and is good for rapid iteration. PHP is a dynamically typed language/interpreter. Memcache is a caching system that is used to accelerate dynamic web sites with databases (like Facebook) by caching data and objects in RAM to reduce reading time. Memcache is the main form of caching on Facebook and helps relieve the burden of database. Having a caching system allows Facebook to be as fast as it is to remember information. Furthermore, Facebook backend services are written in a variety of different programming languages like C++, Java, Python, and Erlang. Additionally, it employs the following services: 1.) Thrift—a lightweight remote procedure call framework for scalable cross-language services development, which supports C++, PHP, Python, Perl, Java, Ruby, Erlang, and others; 2.) Escribano (server logs)—a server for aggregating log data streamed in real time on many other servers, it is a scalable framework useful for recording a wide range of data; 3.) Cassandra (database)—a database designed to handle large amounts of data spread out across many servers; 4.) HipHop for PHP—a transformer of source code for PHP script code and was created to save server resources, HipHop transforms PHP source code in C++ optimized, among others. It is to be appreciated that any of the above systems, devices and/or services may be implemented in the various architectures disclosed in the present disclosure to achieve the teaching and techniques described herein.

A public web site, e.g., hosting on server 440, 540, 640, which allows the posting of information, such as a Forum, could be used to post a message, containing the meter's data, to a group, thread, or other location. This post would take place by a HTTP POST to the web site's server, where by the server would store that information, and present it on the web site. This message could then be viewed by the clients to see the meter's data, or read by another server for further parsing and presentation. The data could be formatted as human readable text (e.g., “The voltage is 120.2v”), as machine parsable text (e.g., “voltage.an=120.2”), hex representing binary data (e.g., “0152BF5E”). The HTTP interface could be used, which would work the same way as users updating it from their browser (HTTP push).

User Datagram Protocol (UDP) messages could be used to send a message from the IEDs or meters to a server, which listens for such messages, and parses out the meter's data. When employing UDP broadcasts, messages could be sent from the IEDs or meters to a server, e.g., servers 530, 630, since UDP broadcasts do not work across networks. The messages containing the IED's or meter's data can then be sent to external networks via any of the described (or to be developed) communication methods. Alternatively, a UDP unicast could support sending to any server, e.g., server 424, 524.

A Virtual Private Network (VPN) could be created such that each meter on the internal network is part of the same virtual private network as each of the clients. A Virtual Private Network (VPN) is a technology for using the Internet or another intermediate network to connect computers to isolated remote computer networks that would otherwise be inaccessible. A VPN provides security so that traffic sent through the VPN connection stays isolated from other computers on the intermediate network. VPNs can connect individual IEDs or meters to a remote network or connect multiple networks together. Through VPNs, users are able to access resources on remote networks, such as files, printers, databases, or internal websites. VPN remote users get the impression of being directly connected to the central network via a point-to-point link. Any of the other described (or to be developed) protocols could then be used to push data to another server or clients on the VPN.

Hosted data services, such as a hosted database, cloud data storage, Drop-Box, or web service hosting, could be used as an external server to store the meter's data. Hosted data services can be referred to as Hosting. Each of these Hosts, e.g., servers 440, 540, 640, could then be accessed by the clients to query the Hosted Data. Many of these hosted data services support HTTP Push messages to upload the data, or direct SQL messages. As many web service and cloud hosts allow their users to use their own software, a hosted data service could be further extended by placing proprietary software on them, thus allowing them to act as the external meter server for any of the previously mentioned methods (e.g., servers 424, 524).

In another embodiment, the IEDs can communicate to devices using Generic Object Oriented Substation Event (GOOSE) messages, as defined by the IEC-61850 standard, the content of which are herein incorporated by reference. A GOOSE message is a user-defined set of data that is “published” on detection of a change in any of the contained data items sensed or calculated by the IED. Any IED or device on the LAN or network that is interested in the published data can “subscribe” to the publisher's GOOSE message and subsequently use any of the data items in the message as desired. As such, GOOSE is known as a Publish-Subscribe message. With binary values, change detect is a False-to-True or True-to-False transition. With analog measurements, IEC61850 defines a “deadband” whereby if the analog value changes greater than the deadband value, a GOOSE message with the changed analog value is sent. In situation where changes of state are infrequent, a “keep alive” message is periodically sent by the publisher to detect a potential failure. In the keep-alive message, there is a data item that indicates “The NEXT GOOSE will be sent in XX Seconds” (where XX is a user definable time). If the subscriber fails to receive a message in the specified time frame, it can set an alarm to indicate either a failure of the publisher or the communication network.

The GOOSE message obtains high-performance by creating a mapping of the transmitted information directly onto an Ethernet data frame. There is no Internet Protocol (IP) address and no Transmission Control Protocol (TCP). For delivery of the GOOSE message, an Ethernet address known as a Multicast address is used. A Multicast address is normally delivered to all devices on a Local Area Network (LAN). Many times, the message is only meant for a few devices and doesn't need to be delivered to all devices on the LAN. To minimize Ethernet traffic, the concept of a “Virtual” LAN or VLAN is employed. To meet the reliability criteria of the IEC-61850, the GOOSE protocol automatically repeats messages several times without being asked. As such, if the first GOOSE message gets lost (corrupted), there is a very high probability that the next message or the next or the next will be properly received.

In one embodiment, a server application running on the IED may be employed to send a message (including the IED's or meter's data) to an external server that parses out the IED's or meter's data. The server application on the IED may be a JSON (JavaScript Object Notation) server that embeds the meter's data in a HTTP message, which could be sent to the server, for example, server 424 as shown in FIG. 6 . JSON is an open-standard data format that uses human-readable text to transmit data objects consisting of attribute—value pairs. In one embodiment, the JSON server pushes data via an HTTP POST request using a predetermined URL (uniform resource locator). The HTTP wrapper would allow this data to pass through firewalls which allow web traffic. The IED identifies itself by a unique ID specified in an element in the JSON schema, i.e., the element being a predetermined uniform resource identifier (URI). The JSON schema allows for a definition of a list of readings to be transmitted from the IED to the remote server, where the remote server includes, for example, an application program interface (API) to interpret the readings sent. The list of reading may be pushed on initial startup, a predetermined schedule basis or upon a change in any one of the values. Each reading may include, but not limited to, a value associated to the reading, a time stamp, identification for the reading (e.g., volts for phase A), etc. The readings may be embedded with the request or, alternatively, as a JSON file attachment to the request. It is to be appreciated that the readings may be transmitted using various methods including, but not limited to, cURL, Python, etc., which support various Internet protocols including, but not limited to, HTTP, HTTPS, FTP, FTPS, SCP, SFTP, TFTP (Trivial File Transfer Protocol), LDAP (Lightweight Directory Access Protocol), DAP (Directory Access Protocol), DICT (Dictionary Server Protocol), TELNET (Teletype Network), FILE, IMAP, POP3, SMTP (Simple Mail Transfer Protocol) and RTSP (Real Time Streaming Protocol).

It is to be appreciated that the above-described one-way communication embodiments may apply to systems other than for energy metering. For example, the present disclosure may be applied to a vending machine or system, wherein the vending machine located in a building or structure having a private or corporate network. The vending machine will include, among other data collecting components, at least a communication device or network interface as described above. The communication device or network interface will coupled the vending machine to the internal network which may be further coupled to the Internet via a firewall. The vending machine may vend or dispense a plurality of items, such as soda cans, candy bars, etc., similar to the vending machine described in U.S. Pat. No. 3,178,055, the contents of which are incorporated by reference. In accordance with the present disclosure, the vending machine will monitor and collect data related to the items sold. Such data may include quantities of items sold, a re-stock limit that has been reached, total revenue generated by the vending machine, etc. In one embodiment, the vending machine will post to a web site, residing on a server outside of the internal network such as the Internet, quantities of specific items sold by the vending machine that are required to fill the vending machine. In this manner, an operator that maintains the vending machine can check the web site before going to the location of the vending machine and know exactly how many items are required to fill the vending machine before going to the location to refill the vending machine.

In another embodiment, the teachings of the present disclosure may be applied to a medical device, for example, a medical monitoring device configured to be worn on a patient. In this embodiment, the medical monitoring device will include at least a communication device or network interface as described above and monitor a certain parameter relating to a patient, e.g., a heartbeat. In one embodiment, the at least a communication device or network interface operates on a wireless connection and coupled the medical monitoring device to internal network (e.g., a home network) which may be further coupled to the Internet via a firewall, e.g., a router provided by the Internet Service Provider. At predetermined intervals, the medical monitoring device will communicate to and post the monitored data on a remote website. A user such as a doctor may then view the data of the patient by accessing the web site and not directly connecting to the medical monitoring device.

Other embodiments may include security systems such as fire alarm systems, security alarm systems, etc., which need to report data. Also envisioned are manufacturing sensing equipment, traffic sensing equipment, scientific instrumentation or other types of reporting instrumentation.

Based on the sensitivity of the data being communicated and posted through the firewall to various external networks, various data security techniques are employed by the IEDs (e.g., meters, vending machines, medical monitoring device, etc.) contemplated by the present disclosure, some of which are described below.

The original FTP specification is an inherently insecure method of transferring files because there is no method specified for transferring data in an encrypted fashion. This means that under most network configurations, user names, passwords, FTP commands and transferred files can be “sniffed” or viewed by anyone on the same network using a packet sniffer. This is a problem common to many Internet protocol specifications written prior to the creation of SSL such as HTTP, SMTP and Telnet. The common solution to this problem is to use simple password protection or simple encryption schemes, or more sophisticated approaches using either SFTP (SSH File Transfer Protocol), or FTPS (FTP over SSL), which adds SSL or TLS encryption to FTP as specified in RFC 4217. The inventors have contemplated the use of each of these schemes in the IEDs described above.

In one embodiment, the FTP server 131 in the IED 110 shown in FIG. 3 uses a set of username and passwords which are programmed through Modbus. These username and passwords can only be programmed when a user performs a logon with administrative rights. Each programmed user account can be given differing permissions, which grant or restrict access to different roles within the file system. Each role controls read and write access to specific files and directories within the file system through FTP. These roles can be combined to customize the access a specific user is given. When passwords are disabled by the user, a default user account is used, with full permissions, and a username and password of “anonymous”.

Password protection schemes are measured in terms of their password strength which may be defined as the amount of resiliency a password provides against password attacks. Password strength can be measured in bits of entropy. Password strength is an important component of an overall security posture, but as with any component of security, it is not sufficient in itself. Strong passwords can still be exploited by insider attacks, phishing, keystroke login, social engineering, dumpster diving, or systems with vulnerabilities that allow attackers in without passwords. To overcome these drawbacks it is contemplated to use some form of password encryption scheme (e.g., 8-bit, 10-bit, 16-bit) in concert with the password protection system to facilitate secure communication between an external device, such as PC client 102 and the FTP server 131. However, there are drawbacks associated even with these schemes. For example, a username and password may be encoded as a sequence of base-64 characters. For example, the user name Aladdin and password open sesame would be combined as Aladdin:open sesame, which is equivalent to QWxhZGRpbjpvcGVuIHN1c2FtZQ== when encoded in base-64. Little effort is required to translate the encoded string back into the user name and password, and many popular security tools will decode the strings “on the fly”, so an encrypted connection should always be used to prevent interception.

In another embodiment, an encrypted connection scheme is used. In particular, the FTP server 131 in the IED 110 uses some form of FTP security encryption, such as, for example, FTPS (FTP over SSL), Secure FTP (sometimes referred to as FTP over SSH, i.e., FTP over Secure Shell encryption (SSH)), Simple File Transfer Protocol (SFTP), or SSH file transfer protocol (SFTP). The FTP security encryption protocol provides a level of security unattainable with the previously described password encryption schemes.

FTP over SSH refers to tunneling a normal FTP session over an SSH connection. In the present disclosure, FTP uses multiple TCP connections, thus it is particularly difficult to tunnel over SSH. With many SSH clients, attempting to set up a tunnel for the control channel (the initial client-to-server connection on port 21) will protect only that channel; when data is transferred, the FTP software at either end will set up new TCP connections (i.e., data channels) which will bypass the SSH connection, and thus have no confidentiality, integrity protection, etc. If the FTP client, e.g., PC client 102, is configured to use passive mode and to connect to a SOCKS server interface, it is possible to run all the FTP channels over the SSH connection. Otherwise, it is necessary for the SSH client software to have specific knowledge of the FTP protocol, and monitor and rewrite FTP control channel messages and autonomously open new forwardings for FTP data channels.

In further embodiments, the networks may be configured to adhere to cyber security standards to minimize the number of successful cyber security attacks. The cyber security standards apply to devices, IEDs, computers and computer networks. The objective of cyber security standards includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to remain accessible and productive to its intended users. The term cyber security standards means the collective processes and mechanisms by which sensitive and valuable information and services are protected from publication, tampering or collapse by unauthorized activities or untrustworthy individuals and unplanned events respectively. In the various embodiments and implementations of the present disclosure, the systems, devices and methods may be configured to be in accordance with, for example, the Standard of Good Practice (SoGP) as defined by the Information Security Forum, Critical Infrastructure Protection (CIP) standards as defined by the North American Electric Reliability Corporation (NERC), and the ISA-99 standard as defined by the International Society for Automation (ISA), the contents of each being incorporated by reference herein. It is to be appreciated that this lists of cyber security standards is merely an exemplary list and is not meant to be exhaustive.

According to one aspect of the present disclosure, the IED or metering device uses a general purpose operating system, e.g., Linux™, as its base. The IED provides communications on both network and serial interfaces, including Modbus, DNP, and HTTP. The IED monitors both three phase voltage and current, analyzes those values, and records the values in a log. These live values can then be retrieved using the aforementioned communications protocol, or as a log of values.

Each of the metering functions are added on top of the operating system as applications, each of which provides a service. For example, a Modbus server application would provide Modbus support; a web server application would provide web page support; a logging application would provide data and event logging, etc., the details of which are described below.

The IED of the present disclosure provides a platform which can be rapidly expanded and extended to add new functionality, and be quickly ported between platforms. To that end, a general purpose operating system is employed, which provides two benefits: (1) functionality can be implemented as individual applications on top of the operating system, and (2) only the underlying drivers need be changed when porting to a new platform. Additionally, the IED provides logging to keep a record of readings and events for as long as there is room to store them. The IED stores the records independent of current settings, which makes the records more resistant to system errors that would lead to invalid log items. Furthermore, the IED of the present disclosure is self contained—such that it could be configured, calibrated and tested, log retrieved, real time readings viewed, and statuses checked—all without requiring a specialized software and/or hardware to be employed. This frees up the software to focus on the larger picture of how all the meters, for example, in a network, work together.

Referring to FIG. 10 , a system architecture 1000 of an IED employing a general purpose operating system in accordance with the present disclosure is illustrated. The system architecture 1000 is composed of 6 layers, each of which adds functionality on top of the previous. The layers, from lowest to highest, are as follows:

Hardware 1002—The hardware provides the physical metering capabilities, including measuring voltage, current, and high speed inputs, as well as providing the physical interface for the communications media, such as serial and networking.

DSP 1004—The DSP collects the data from the metering hardware, analyzes it, and passes it up to the higher layers.

Drivers 1006—Provides the actual implementation of the hardware specific interfaces, such that the higher layers do not need to know the details of the hardware they are running on top of.

Kernel 1008—The general purpose operating system which runs the applications, and provides the connection between the drivers, and the applications. Additionally isolates the applications from the hardware to enforce a more stringent security policy.

Applications 1010—The applications that provide the primary functionality of the meter, including logging, configuration, and communications. The application layer also provides internal data storage, system maintenance, and system stability monitoring functionality.

User Interface (IU) 1012—The interface to the outside world provided by the applications, including communications protocols such as Modbus, and UI (user interface) services such as a Web Server.

Traditionally, metering devices have been implemented using custom firmware, often which interacts directly with the hardware, and only implements and supports what is directly needed for that device when it is designed. Additionally, these implementations are often written such that all functionality is provided by a single component. This is often called a monolithic architecture. This often leads to problems when trying to expand the functionality of the device. One side effect of a monolithic architecture is that it often results in the problem that changing one component affects many of the other components. Another problem occurs when trying to port the functionality of the device to another platform. This can occur when the hardware of the device's design changes, or when the code is ported to an entirely new device. Because the firmware was written to directly access the hardware, significant modifications need to be made for it to work on the new hardware.

The IED of the present disclosure employs a general purpose operating system as the base for the components of the IED's firmware to facilitate expansion and porting of the IED. For example, the general purpose operating system may be, but is not limited to, Linux™. It is to be appreciated that a custom operating system may be implemented, which performs the components described below.

Referring to FIG. 11 , an IED 1100 is illustrated including a general purpose operating system 1102 executing on a CPU 1103 in accordance with an embodiment of the present disclosure. The general purpose operating system 1102 includes a set of code which provides the following components:

Hardware Drivers 1104—Code which implements the hardware specific functionality, while providing a common interface that the other components can use.

Kernel 1106—The central code which starts up the system, and manages the other operating system components; provides functionality pertinent to the running of the operating system.

Process Management 1008—Management system which allows arbitrary code to run, and ensures that each code block, called a process or application, shares equal time, and is isolated from one another.

Data Storage System 1010—A method to read and write data from a long term storage media 1112. The binary of the processes, also know as applications 1106, are often stored here, separate from the kernel.

Support Applications 1114—Code which implements support functions of the operating system but not specific applications for metering applications.

On top of the general purpose operating system 1102, processes are configured and executed to provide the individual functionality of the IED; each such process is called an application or application module 1116. Each of these applications or application modules 1116 add specific functionality to the TED 1110 or meter, but are independent of the other applications. For example, an application may provide a Modbus Server. As another example, an application may provide a Web Server. As another example, an application may provide data logging.

These applications 1116 may be further extended by keeping the functionality of each application separate from the functionality of another application, such that any one application can be stopped without causing the other applications to lose significant functionality. In one implementation, an application 1116 may encapsulate all the support tools required by the application inside the application itself, with the exception of the common or support tools 1114 provided by the general purpose operating system. For example, the Modbus server application may contain the code to access the network interface provided by the operating system. As another example, an application may contain the code to interface with the file system. This implementation could be improved by allowing the support code included to be loaded from a common source, e.g., a library, such that each of these applications that use such tools would use the same code, but loaded independently, such that they do not rely on each other. For example, extending the first example, the network interface application could be supplied as a Library loaded by the Modbus server; the same Library could then be used by the Web Server, such that the code is the same, but the two instances of the Library do not rely on each other.

Another implementation, which could be used along side the above-described implementation, may be to use long term storage, such as a file system, to pass information between applications, using a data storage mechanism, such as a database. This implementation allows applications to pass useful data between each application, but even if one application stops running, the other application can continue providing it's functionality. For example, the meters readings could be stored in a database, and the Modbus server application then scans or searches the database for the current readings. This implementation may be further extended by allowing applications to start and stop without modifying the contents of these long term storage files. This implementation allows an application to be configured such that it can continue to provide it's functionality, even if the application that provides the information is unreliable or runs infrequently. For example, the data logging application could be designed to only run when a data record needs to be captured, saving system resources. The logged data would still be available to the other applications that use the logged data, such as the Web Server application or Modbus Server application.

In another implementation, the IED allows applications to use the logged data even if the entire system is unreliable. For example, the input power to the device may be turning on and off, causing the device to reset occasionally. The logging application could record readings before the Web Server application was available to present the log data to a requesting client. As another example, if the device that provides the readings, such as the DSP, was temporarily unavailable, such as if the firmware was being updated, the Web Server application can still provide the last available readings, even should the system of the IED reset.

It is to be appreciated that the use of a long term data storage, called a Data File, may be configured such that the format of that file is in a common format, such that each application that wants to use that file can easily be implemented. In one implementation, a formatting application formats the data and/or data file into a common format. For example, instead of storing the readings data in the log data file as an explicit record that stores Voltage and Current readings, the data may be configured as a record that stores a single reading, such that another application may be added that stores Power, without modifying the format of that data file.

The use of a data file could be used to further improve the applications by allowing the application to store information about the current state of the application in the data file. Then, when the application restarted, the application may load those settings, and quickly resume what it was doing. For example, an application that uploads log data to an FTP server could keep track of what data it had already uploaded; if it reset halfway through, it could resume from the last file it uploaded. As another example, an application which downloaded updates to the system could keep track of what parts of the update file it retrieved, and could resume with the parts it doesn't have if a problem occurred.

Another problem with firmware that uses a monolithic architecture occurs when a component of the system must be updated, for example, a bug was fixed. As another example, a new feature was added. As another example, the configuration of a component, such as enabling or disabling settings of a feature, may have changed. When this occurs, the most common solution is to reset the entire system, even when the change was unrelated to other components of the system. For example, a bug fix in the Modbus server would not require the web server to reset.

In an implementation of the present disclosure, the TED enables individual applications to start and stop independently of other applications. For example, if the binary for the Modbus Server application needed to be updated, the binary could be updated, and then just the Modbus Server application restarted, without requiring that the web server application, which is unrelated, be restarted. As another example, this could be done for a change in the configuration of the application, such as changing the Modbus map which the Modbus Server application is presenting to the requesting clients.

Another problem common to monolithic firmwares is that since all the functionality is contained in a single set of loaded code, it is possible for functionality to be accessed, even if the code normally would not allow it. One possible way to do this could be a buffer overrun that causes a jump to a disabled feature. Another possible way to do this could be to cause an electrical discharge onto the hardware, that causes the currently executing code to either change, or jump to another location. Another possible way to do this could be to change the setting that enables or disables that feature, or to load random settings, thus resulting in the feature accidentally being enabled.

Therefore, by allowing applications to run independent of each other as in the IED of the present disclosure, the feature that the application provides can be completely inaccessible by removing it from the storage media that it would be loaded from. For example, the Web Server application may be removed completely by removing the binaries for the Web Server application from the file system. This would prevent it from ever being used, but would not prevent unrelated features, such as logging application or the Modbus server application, from operating correctly.

In one implementation, each feature on the IED is enabled or disabled by the user. When disabled, the binaries are deleted from the system such that they cannot be called. When enabled, the binaries could be downloaded from another source, such as a remote file server, or uploaded by the client. In another implementation, instead of deleting the binary from the system, the IED is configured in such a way as to prevent them from loading. For example, the binary could be marked as not executable on the file system. As another example, the header of the binary, which is used by the general purpose operating system 1102 to determine how to load the binary, could be corrupted in a reversible manner, such as performing an XOR on each byte. As another example, the binary loader could require a specific code in the header of the binary, often called a Magic Number, to load; this Magic Number could be changed to prevent the loading of the binary.

In another implementation, the IED 1100 stores each binary in an archive on the storage media, and when the feature is enabled, the binary for that application is extracted from the archive. The binary would still be deleted when disabled. This archive may further compress the archive's contents, to save space. This archive may further encrypt the contents, such that any unauthorized changes to the archive would invalidate the archive.

Another problem common to monolithic firmware is that when a problem occurs with one component, the whole system must be restarted. This could be because all the components rely on each other. This could also be because all the components are in the same running code set. This could also be because one component has locked up, such that the other components can no longer run. Using applications, this problem is mitigated; however if that application has a problem, the functionality that it provides may no longer be available.

In one embodiment, components of IED 1100 monitor the other applications, and if a problem is detected, then the monitored application could be restarted. Only if the component that implements this functionality had a problem would the entire system have to reset. In one implementation, the IED 1100 includes an application that performs this monitoring functionality. In another implementation, the process management component 1108 of the general purpose operating system 1102 is configured to monitor the individual applications.

In one embodiment, the monitoring functionality, e.g., the process management component 1108, monitors the application's running status, for example, by checking a process id of the application. If the monitor sees that the application is not running, but that it should be, the monitor may then restart the application. In a further embodiment, the monitoring functionality may be configured such that each application includes a function that notifies the monitor, e.g., the process management component 1108, that it is running. For example, this could be implemented as a file that is written by the application on a timer, and the monitor checks that file to see if it is being updated. In another embodiment, each application may generate a system message, such as a network socket, or a pipe. This notification may also include additional status information, such as operational state, to the monitor.

Many devices implement a hardware function that resets the system if that hardware is not notified that the system is still running correctly on some interval. This is often called a watchdog. In one embodiment, the monitoring functionality e.g., the process management component 1108, performs the notification of the watchdog, as it is the component that is best able to make that determination. The monitoring functionality e.g., the process management component 1108, may further include a set of rules, called heuristics, that it could use to determine if the problems with the system are significant enough that it requires a full reset. For example, if applications are failing to start because they are unable to access the storage media, restarting the general purpose operating system may help. As another example, if a hardware device, such as the serial ports, are not accessible by the applications, then restarting the system may help.

In one embodiment, the general purpose operating system 1102 is configured to include a common data interface 1200, as shown in FIG. 12 , to allow the applications that are running on it to be implemented in such a way that they do not need to know what hardware they are directly using. Devices such as meters have specialized data collecting devices not found in most general purpose operating systems. For example, many have analog to digital converters, used to measure voltage or current. As another example, many have digital inputs which measure the shorted/not shorted state of the wires they are connected to. This data often needs to be used by the top level functionality of the meter, but in the isolated model of a general purpose operating system, those top level applications do not have direct access to the data collection hardware of the system. For example, the web server application may want to present voltage on a web page.

Referring to FIG. 12 , the common data interface 1200 includes a driver 1204 that accesses a data collection component 1202, e.g., DSP 60,70 as shown in FIG. 1 , and a interface application 1206 that applications 1208 can use to read the data collected, called a Library. The driver 1204 receives data from the data collection component 1202 and fills memory 1210, e.g., volatile memory, with the data. The interface application 1206 retrieves the data in the memory 1210 for at least one application 1208, via driver 1204. The driver 1204 then may be changed for new hardware, without changing the data access library, thus allowing applications 1208 to be used on different devices, with different hardware, with no change to their code. The data access library may be expanded by providing data other then just the data collected from data collection component 1202. For example, system state information, such as uptime, memory available, data storage space used, and applications running, could be provided. As another example, system configuration information, such as the IP address, device serial number, device type, designation, etc., may be provided.

One implementation of the transfer of data between the data collection component and the memory accessible from the CPU, is to use a DMA controller to transfer the data between the memories of each of the two processors. For example, the kernel running on the CPU could specify a section of its memory to the DMA controller as the location to write data updates to. Then, when the data collection component had an update to the data, it could trigger the DMA controller to transfer the data.

In one embodiment, the CPU includes a first DMA controller 1250 coupled to memory 1210 and the data collection component 1202, e.g., DSP, includes a second DMA controller 1254 coupled to memory 1256. The first DMA controller 1250 is employed to transfer data to the memory 1256 of the data collection component 1202 and the second DMA controller 1254 is employed to transfer data to memory 1210.

A DMA controller can generate addresses and initiate memory read or write cycles. It contains several registers that can be written and read by the CPU. These include a memory address register, a byte count register, and one or more control registers. The control registers specify the I/O port to use, the direction of the transfer (reading from the I/O device or writing to the I/O device), the transfer unit (byte at a time or word at a time), and the number of bytes to transfer in one burst. To carry out an input, output or memory-to-memory operation, the host processor initializes the DMA controller with a count of the number of words to transfer, and the memory address to use. The CPU then sends commands to a peripheral device to initiate transfer of data. The DMA controller then provides addresses and read/write control lines to the system memory. Each time a word of data is ready to be transferred between the peripheral device and memory, the DMA controller increments its internal address register until the full block of data is transferred.

The transfer of data between processors is limited both in the size of the block that can be transferred, and the time it takes to perform the transfer. However, since only a small portion of the data needs to be updated frequently, it would be wasteful to repeat updates by transferring all the data all the time.

One implementation is to break the data into frames, based on the update rate of the data, and only send the frames for the data which needs to be updated. Such a frame could contain a header which specify which data is contained within the frame, so that the driver 1204 can interpret what data is being updated when it receives the frame. Additionally, the header of the frame could contain an update index, so that the driver could identify the order and relation in time of the updated data.

One implementation of the transfer of frames could be to organize the frames in the time domain, such that the fast updating frames are transferred every update, but that the remaining frames are used to transfer lower priority frames that have been queued to be updated. For example, say the maximum data update rate is 4 ms, and the throughput allows for 10 frames to be transferred every 4 ms. On each update, 5 of the frames transferred could be 4 ms updated data, which must be updated every transfer. This leaves 5 frames left over for other update rates. If 50 frames need to be updated every 200 ms, 1 frame each update cycle could be dedicated to transferring these 200 ms frames. If 10 frames need to be updated every 1 second (1000 ms), 1 frame every 100 ms, or 25 update cycles, could be used to transfer these 1 second updated frames. Other arrangements are possible, including using the remaining available frames to transfer slower data when necessary. Also it should be appreciated that the transfer of lower priority frames could be deferred to a later update to make room for higher priority frames, and as such, the arrangement of frames in time is not fixed.

Another implementation of the transfer of frames could be to organize the frames in the data domain, such that all related is transferred together, as a history of updates. For example, say the maximum data update rate is 4 ms, and the throughput allows for 10 frames to be transferred every 4 ms. If 1250 frames of 4 ms data must be transferred every second, then all 10 frames of each update cycle could be used for the first 500 ms of each second to transfer the 1250 frames of the history of the previous second. When the receiving driver 1204 processes the frames, it could use the update index to properly arrange the updated data in time. The remaining 500 ms could then be used to transfer other data in a similar arrangement.

One common problem when designing data interfaces occurs when the data is passed as a fixed layout structure. For example, a structure could be used to pass the data that has a 4 byte unsigned integer for voltage, followed by another 4 byte unsigned integer for current. However, should that interface need to change, for example the values need to be passed as floating point, or a new value needs to be passed, the entire interface must change. This often requires that both the source of the data, and the consumer, change to match. This is often very difficult when the consumer of the data is an external software, such as a Modbus client. Alternatively, if a data access library is used, an explicit function to get each value, often called a property, is implemented. If new values are added, the interface to the data access library must be changed, which again requires that the consumer of the data change.

In another embodiment, the interface 1206 uses a key, independent of the physical layout of the structure to access the data. In one implementation, a string key, such as ‘readings.volts.an’, is provided which is mapped to the value in the memory 1210 by an interface library 1302 as shown in FIG. 13 . For example, the data access library could have a function, GetReading, which takes as input the key, and returns the value requested. This would prevent the applications that use the data access library from having to change if new items were added.

In another embodiment, the data map interface 1302 employs a special library or map, which is knowledgeable about the internal layout of the data in memory 1210. For example, in version 1 of the data layout, volts AN may be stored at an offset of 1000 bytes, and be stored as a 4 byte signed integer. In version 2 of the data layout, volts AN may have moved to an offset of 1036 bytes. In version 3 of the data layout, volts AN may have changed to be stored as a IEEE 4 byte floating point number. In such an example, if there are three applications that use that value, say a web page, a data logger, and a Modbus server, under conventional designs each would have to be updated each time the internal data layout was changed. With such a data map interface of the present disclosure, only the one library would have to be updated, which could easily be included as part of the update to the source of the internal data layout, such as the data collection firmware 1202, e.g. a DSP.

In further embodiment, the data map interface 1302 is configured to a special library, which uses a configuration file 1304 to specify the internal layout and format of the data in memory 1210. For example, such a configuration file 1304 could specify that volts AN is at an offset of 1000 bytes, and has a format of a 4 byte integer. When the data map interface 1302 is initialized, the interface 1302 then loads the map in the configuration file 1304, and use that map to find the requested data. For example, such a configuration file may contain 3 entries for each item: the lookup key, the byte offset, and the format of the item. When an item was requested, the data map interface 1302 would find the key in the configuration file 1304, and use the byte offset and format to read and parse the data to be returned to the requester. The configuration file 1304 may also be loaded on first use, or every time data is requested. In such an example, if the internal data layout changed, such as moving volts AN to an offset of 1036 bytes, the configuration file 1304 could be updated along with the data collection firmware 1202, e.g., DSP, avoiding the need to update the data map interface library.

In other embodiments, the configuration file 1304 may be generated from the same layout that the data collection firmware component 1202 uses. This could help prevent mismatches between the configuration file 1304, and the actual implementation of the layout. In one embodiment, the configuration file 1304 may be configured be to store the each item and it's layout in a management software during development, such that the management software could export both the configuration file, and the source code to be included in the data collection firmware component 1202. Additionally, the configuration file 1304 includes a special item in the data map interface that requests the configuration directly from the data collection firmware 1202. Such a configuration file could be stored in the data collection firmware's memory storage, or as part of the firmware itself, and written to the internal data memory when it first starts running. Such a file could also be requested as part of a windowed command to the data collection firmware.

In yet another embodiment, the configuration file 1304 includes additional information, such as, but not limited to, display names, formatting information, groups of items, and descriptions of the usage of an item. Such a configuration file may then be used by top level applications, to provide information on each item available. Additionally, this would allow applications to use newly added items, without modifying the application. For example, a data logging application could display a list of items able to be logged to the user, where such a list was built by reading the configuration file.

The keyed interface 1302 could be further improved by using a configuration file 1304 that contains the list of keys that an application should use. For example, the Web Server could have a web page that displays voltages, and have a configuration file that lists each of the keys for the voltage that it is to display. The configuration file 1304 could be used to improve the functionality of the applications, such as the Modbus server, by configuring it such that layout it presents would be similar, or the same, as another device. For example, the Modbus server could be configured to present addressed data, called the Modbus Map, in the same way as an older meter, thus allowing it to be used with external software that only works with that old meter.

The configuration file may be configured to store a name to be presented to the user, so that the user can easily understand what value is associated with the key, called a Display Name. For example, ‘readings.volts.an’ could be displayed as ‘Voltage AN’. This would facilitate changing configurations, which would be to display the Display Name along with the displayed value, such that the user could easily understand what the value is. For example, on a web page that displays voltages and currents, the names ‘Volts AN’ and ‘Current A’ could be used to easily distinguish such items from each other. If the configuration value changed, such that the position on the page which previously displayed ‘Volts AN’ now shows ‘Watts 1+4 Phase A’, the user can easily distinguish the two by name.

The keyed interface 1302 could be further improved by allowing the consumer or end user to specify the format that it wants the data in. For example, the internal structure may define a voltage as an 4 byte integer, but the consumer wants it as a float. As another example, the internal structure may have originally defined the format to be a 2 byte integer, but was later changed to a 4 byte integer; the consumer has always requested it as a float, so no change needs to be made to the consumer application. As another example, an external software may only know how to parse 2 byte signed integers, but the device internally stores the value as a double; down scaling would be required.

Since the configuration file may change from time to time, the external software may not be aware of what items it is seeing. For example, a Modbus Map is just an arbitrary block of 2 byte values, called registers, which must be parsed to get the contained values. One possible solution to this could be to provide a method to retrieve the current map, so that any external software that used it would be able to parse the current data arrangement. In one embodiment, a fixed section or item is provided, that contains the configuration for the external software to download. For example, with the Modbus server, a group of Modbus registers in the Modbus map could always return the configuration file, ignoring the configuration for those registers. As another example, with the DNP server, a fixed object could be set to always return the configuration file.

Another possible implementation of this could be to provide an alternative method to retrieve the configuration, outside of the functionality it configures. For example, the Modbus map configuration could be downloaded via a web page. As another example, the Modbus server could respond to a command to send the configuration file to a client by opening a specified port on the client, and streaming the file. This would then be collected by a listener on the client, which could then use the configuration file.

In other embodiments, the keyed interface 1302 is configured to allow writes to internal values, such as system settings, command triggers, temporary variables, long term storage variables, using the key to identify were to write the value, called a Keyed Write. One implementation of this includes adding a function to the data access library, SetValue, which takes a given value, and performs the necessary actions to store that value.

Devices such as meters typically use addressed protocols such as Modbus to allow external clients to read their values. Such a pairing of addresses and value definitions is here called a map. However, since many devices are designed such that the addresses of each value is typically fixed, many external clients are written such that they expect the value to be at that address. Changing this may require extensive configuration, reimplementation, or in the case of old software that is no longer maintained, may not be possible anymore. This causes problems when new devices are added, or existing devices are replaced, that don't use the same addresses.

In one implementation, a device that uses an addressed protocol, such as Modbus, may mimic the map of another device. This would allow new meters that supported such a solution to be added to an existing system without reconfiguring that system. One implementation of mimicking another map could be to implement a configurable mode in the device that when set, the protocol server, such as a Modbus server, of that device uses the map of another device. This could include mimicking the addresses of values in the map, as well as mimicking static values, such as device identification information, so that external clients that use that identification information will believe the device they are communicating with is the old device.

Another implementation of mimicking another map could be for the protocol server, such as a Modbus server, to use a configuration file to describe the map that it uses. Such a configuration file could be designed to mimic the map of another device by specifying for each protocol address: the protocol address to use; the format of value, such as 4 byte signed integer, or 8 byte IEEE float; and the internal value to map the protocol address to. When an external client requested the value of an address from the server, the server could then process the configured map of protocol address, determine the internal value to query, transform it to the format the configured map specifies, and return the mimicked value to the external client. Such a configuration map file could be stored as an xml file, a csv file, or a json file, each of which allows the grouping of entries, such as protocol address, format, and internal address, though other such file formats could also be used.

Using a configurable map file could be further extended by allowing multiple such files to be used on a device, such that the user could select which device to mimic from a list of maps. For example, a device could contain the configuration map for 5 other device types. The list of these device types could be presented to the user, allowing him to choose which map the protocol server would use, until the map was next changed. This implementation could be further improved by allowing external clients to send a command to the protocol server to specify which map to use, such as a Modbus write, where the map to use is a name, or an index in a list.

Using a configurable map file could be further extended by allowing the user to import and export those file to and from the meter. For example, a webpage that is used to configure the Modbus server could list each of the configuration maps that the device contains. Such a page could also have an export button, that when pressed could download the configuration map file from the meter. Such a page could also have an import button, that when pressed could upload a configuration map file from the user's computer, which could then be selected to be used for the Modbus server.

Using a configurable map file could be further extended by allowing the user to configure their own maps. Such configuration could be done by editing an exported configuration map file directly, then importing it back into the meter. Such configuration could also be done by providing a webpage on the meter's webserver that provides the ability to edit a configuration map file. Such a page could provide actions including, but not limited to, copying another configuration map file, creating a new configuration map file, deleting a configuration map file, adding an address entry to an existing map, changing the parameters of an existing address entry in a map, deleting an address entry from a map, or copying the parameters of an address entry in a map.

Protocol servers, such as Modbus servers, typically operate on multiple ports, such as, but not limited to, multiple rs-485 or rs-232 interfaces, and TCP ports. Using a configurable map file could be further extended by allowing each protocol server on each port to use a different configuration map file. For example, a device which has a Modbus server running on 2 rs-485 ports, and TCP ports 502, 5000, and 5001, and which has configuration map files for 5 different device types, could mimic a different device on each port.

One problem that occurs when the consumer of data is not the component that directly accesses the hardware is that this introduces an inherent, non-deterministic, delay between when the value was measured, and when it is presented. This is often called latency. Additionally, if the measured value is updating rapidly, and multiple measurements are being read by the consumer, there exists the possibility that the measurements may not be from the same point in time. Additionally, this is further complicated when the consumer requires that it have the measurement values at a specific point in time, often called an event. For example, voltage may spike for a short period of time, and the consumer may want to record other values at the same time.

In one implementation, the IED buffers the values, such that a short history of such values are available to the consumer. Then, when the consumer wants the values from a specific point in time, that value can be read from the buffer. One implementation of this request could be to use an index, the details of which are described below in relation to FIG. 13B. Another possible implementation could be to use a key, such as an offset, a timestamp, or a reference index of an event.

One implementation of buffering the data could be to store each block of data 1210 transferred from the data collection component 1202 in a different location in memory, such that previous blocks would still be available after the current block 1210 has been updated. One configuration of this is represented in FIG. 13B. Each update to the data blocks 1210 by the driver 1204 places the new data in the next spot in circular buffer 1230. Each of these blocks would then be listed in reference table 1232, and have a unique index 1234. On the application side, when an application requests a data value 1236, the request 1236 may specify an index 1234, and the interface 1206 could then read the value from a previous block of data then the current one. The current data could still be requested by not specifying an index 1234. Such an implementation could be used for any data value accessible from the data interface 1206, including data values such as voltage, current, power, or energy, as well as system values such as processor usage, and events, such as pq events, waveform samples, and limits.

One of the common problems encountered when developing and maintaining devices such as meters is that a large amount of effort must be put into developing and maintaining external support software. For example, a meter may require a suite of testing softwares including calibration, board level tests, and configuration verification tools, often used during the building of the device for a customer. As another example, configuration softwares are often created to provide the user the ability to configure the device. As another example, log softwares are often created to retrieve a meter's logs, and other softwares created to view those logs. As another example, programming software is often created to upload the firmware to the device.

In addition, these softwares need to be maintained in parallel to the firmware they support, which can lead to disjoints in functionality and support when major changes are made to the firmware. Furthermore, since these softwares are external to the device, there is inherent delay in interfacing with the device, which may lead to error in the data transferred. In addition, the device must be programmed with extra functionality to provide the interface for these external softwares to interact with the device.

In one embodiment, the IED 1100 is configured to be self contained include a plurality of application provide all of the functionality to configure, test, and poll the device from the device itself. This would provide 3 benefits: (1.) if common libraries are used, then it is easier to keep these functions up to date, when the device provides them itself; (2.) since there is little to no interfacing with external software required, the data can be more accurate, which can especially improve testing processes such as calibration; and (3.) since there is little to no interfacing with external software required, and the device's firmware already has the ability to access its own internal values, the process of implementing the functionality provided is simpler.

In one implementation, the IED 1400 is configured to includes a plurality of applications or modules 1402, for example, to be executed by the CPU 1404 to configure, test, and poll the device from the device itself. For example, the applications may include, but are not limited to, a web server module 1408, a command interface test module 1409, an update module 1410, a security module 1411, a core items module 1412, a network discovery module 1414, a replication module 1416, a logging module 1418 and a formatting module 1418 as shown in FIG. 14 .

In one embodiment, the web server module 1408 presents web pages for each internal functionality required of the IED 1100. For example, a page may be presented which contains the current readings of the device. As another example, a page may be presented which allows the user to configure the device settings, such as communications parameters, metering parameters, device identification. As another example, a page may be presented which initiates a self test in the device, which verifies that the meter is operating correctly, and then presents the results to the user as another page, or as new contents on the current page. As another example, a page may be presented which allows the user to retrieve the logs of the device, downloaded as a file. As another example, these same logs could be displayed on a web page.

A command interface test module 1409 is provided which interacts with various components such as a touch screen, web page, proprietary command interface, or Modbus command, initiates a test with specified settings. The settings could be specified as part of the command, a file stored on the device, or settings initialized through another command interface. For example, a meter could have a self calibration test, which computes offsets and gains to make the readings of the meter more accurate. This test could employ an external device, such as a steady source, to output known input values, such as voltage or current, by physically connecting the communications ports of the meter to the source and sending the appropriate commands. The voltage and current output terminals of the source would be connected to the voltage and current input terminals of the device. Additionally, the meter could employ the same method to use an external reference device, used to verify and compensate for inaccurate or unsteady sources. This external reference device would also be hooked up to the voltage and current output's of the source.

These internal tests may be stored as a report of the results of the test in the file storage of the device. This report may later be viewed by the user to verify the current tested state of the device. For example, a calibration report could be stored, which could, for each point calibrated, contain error percentage, reference values, values measured, and the calibration values computed. Additionally, these stored reports may store the configured values of the tests in multiple separate files, which could then be selected at a later date to change the current configuration. For example, a meter could be calibrated in such a way as to emphasize accuracy at a high voltage, and then calibrated again to emphasize accuracy at a low voltage. These calibrations could later be selected from to improve the accuracy for a given nominal input. Since in most circumstances, readings are relatively steady, multiple calibrations may be analyzed by a process or application which monitors the readings of the device, and automatically picks the calibration which has been optimized for the current range of the readings. A heuristic could be used to ensure that the calibrations do not keep bouncing back and forth. For example, the readings could be steady for a period of time before switching to that range.

It is to be appreciated that the applications to perform the test may be provided on the IED 1100 and later removed when it is no longer needed. These applications could later be given to the user to include on their device, allowing them to repeat the test should it be necessary or desired. For example, an application for the device could be created which performs calibration. This application may be used to calibrated the device in the factory, then removed, as it requires hardware, such as the external source and reference, that are no longer available. Later, the user may wish that the device be recalibrated, perhaps to adjust for issues with the context of the devices installation. The application, along with instructions for connecting the external devices, could then be given to the user to perform these actions. As another example, the meter could be recalibrated by the user to emphasize accuracy at a point which the factory calibration doesn't emphasize.

Another problem often encountered with such devices occurs when the user encounters problems with the functionality provided by the device, but which the problem has already been fixed. For example, a bug may exist in the version of the Modbus server which the user has on their device, but a newer version that fixes this problem is already available. As another example, a security flaw may have been found and patched in the general purpose operating system, but without the updated operating system, the device is still exposed.

In one embodiment, an update module 1410 is provided to automatically query an external server for updates, and if there are any updates available, download and update those applications. In one embodiment, the IED is configured to have an application on the device, which periodically checks the external server for new updates. If an update is found, it could download the update, and replace the application being updated. In one embodiment, the user configures the update application such that it only performs the update if the user confirms the update. In one embodiment, the user is notified in some manner of the update, such as an email, a list on the web page, an event in the system log, or a notification on the display of the IED.

The transfer of the application may be further facilitated by compressing the update to the application being transferred from the external server to the IED. This would improve the speed of downloading the update, and reduce the required storage space on both the IED and the external server.

Since the external server could be faked, as a method of hijacking the device's functionality, the process of interacting with the external server could be further improved by securing the connection to the external server, via a security module 1411. In one implementation, the security module 1411 may employ HTTPS to ensure that the external server is who the IED expect them to be. In another implementation, the security module 1411 may employ SSL (Secure Socket Layer) or TLS (Transport Layer Security) to wrap the data transferred to and from the external update server.

Since the above methods rely on certificates, which can be faked, the security module 1411 may employ a challenge and response between the IED and the external server, to ensure the external server is real. In one implementation, the external server is configured to have a unique file, whose contents are computed periodically by a private algorithm shared between the IED and the external server. In another implementation, the external server has a special network service running, which sends a generated key, using a private algorithm shared between the IED and the external server, to the device on request. Another implementation employs this same special network server, but for the external server to also require the device to send the external server a generated key.

In one embodiment, the IED is configured to include an application on the IED which performs the functionality of the external server, using either an archive of updates specifically for that purpose, or the updates that it used for it's own functionality. In this embodiment, the update application or module 1410 replicates the external server for other IEDs. For example, an IED with such an external server application could download application updates from an external update server, called the Primary Update Server. Then other devices, e.g., other IEDs, may the query updates from the IED's update application or module 1410 without requiring access to the Primary Update Server. This could then be chained for as long as necessary by the user. In this embodiment, the update application or module 1410 may be configured to notify other devices that an update is available, without their having to query for the update. In one implementation, the update application or module 1410 employs the use of a local network broadcast message, such as UDP, or UPnP event notification, send from the IED to any listening devices. In another implementation, the other IEDs may register with the update application or module 1410 that it wants to be notified of updates. In this embodiment, the update application or module 1410 keeps a list of such devices, and when an update is found, it sends a message specifically to each of those devices. For example, this message could be an HTTP Post. As another example, this message could be a private message sent over TCP or UDP.

Another problem with updating the functionality on a device is that often changes to one application require changes to another application. For example, the Modbus server may require the networking library, the data access library, and driver which reads from the measurement hardware. If a change is made to the data access library, then the Modbus server application may not be able to be updated without also updating the data access library.

In one implementation, the update application or module 1410 includes a list of dependencies for each application. These dependencies could be other applications, which would be required to be updated along with the primary application. In one embodiment, when the update application or module 1410 checks for updates, if the application being checked has any dependencies, it checks those applications first, updating them as necessary, then updating the first application at the end. Another possible implementation of this could be that dependencies are packages of multiple updates, all of which are applied at once, to ensure that everything is updated correctly.

It is to be appreciated that the above described features relating to updating application on IED 1100 will be described in further detail below in reference to FIGS. 21A, 21B and 22 .

Often when a user gets a new device, they must configure both the device and their external system for everything to work the way that they want it to. This is often a time consuming, and error prone, process. For example, the wrong items could be chosen for the logs, only to be found a month later when expected data is missing. As another example, the communications could be misconfigured, forcing a back and forth procedure between the device and external software to get the two to communicate. As another example, the user may have hundreds of devices, each of which have similar settings, but the user must manually configure each and every device, easily leading to repetition errors.

In one embodiment, the IED is configured to have a set of configurations and actions, which are always available regardless of how the user configures the device, stored in a core items module 1412. The core items module 1412 provides the functionality and data which the majority of users would need, the majority of the time. In one embodiment, the core items could be to define a set of data points which describe the most common uses of a metering device. For example, this list could include voltage, current, power, energy, and frequency. As another example, the core items include the accumulators of the device. As another example, the core items may include the raw values read from the measurement hardware of the device. The core items may also include the average, maximum, and minimum value of each of the points in the data set, over a defined interval, for example, the core items module 1412 may be configured to measure the voltage for an interval of 15 minutes, and use the average of those values, along with the max value, and the min value, for the values in the core items. The core items may be automatically logging by core items module 1412 on a defined interval. This my be configured using the same interval as the core item average, max, and min defined interval, for example, the average, max, and min core items may be logged to a core items log every 15 minutes.

It is to be appreciated that having these core items available also allows the other functionality provided by the IED to rely on those values being available. For example, a web page could be created that shows a trend of voltage over the last day. As another example, a web page may be created that compares the energy usage of the current day with the previous one. As another example, an application may be created that analyzes the trends of the core items, looking for power quality problems, and reporting if any are found. As another example, an application may be added to the device, that relies on these core items, and be able to perform actions based on data from before the application was added, as it does not require a dedicated log that the application must create.

The IED 1100 further includes a network discovery module 1414 configured to auto-detect the communications settings on both the IED and external network side. The network discovery module 1414 eliminates the possibility of the user misconfiguring the communications settings.

In one implementation of network discovery, a DHCP server may be employed that allows a client, a personal computer (PC), to query the list of connected DHCP clients, e.g., IEDs or meters, and have the default configuration of the IED to get its network address from DHCP. This list would contain both the network address of the IED, and a unique name specified by the IED. This unique name could be parsed by the client to determine if it is the IED in question.

In one embodiment, the network discovery module 1414 employs a service advertisement protocol on the IED as shown in FIG. 15A. The IED 1502 broadcasts service advertisement 1504 over a network 1506, where the network forwards messages, i.e., the service advertisement 1504, to other devices on the network 1506. The clients 1508, 1510 and/or server 1512 then listen for such advertisements to determine what devices are available on the network. Again, the IED 1502 is configured for DHCP, and allows a server 1512 on the network to determine it's network address. In one embodiment, the IED may be configured for a specific address. It should be appreciated that such an advertisement protocol does not require that the advertiser, i.e., the IED 1502, know the recipient of the advertisement message. This may be achieved by using non-connection oriented protocols, such as multicast and anycast UDP, though other such protocols exist.

In one embodiment, the IED 1502 may be configured to operate under a UPnP protocol. The UPnP is a protocol which allows devices to advertise what functionality is available, as well as provide status updates to a registered client. UPnP is a public protocol, specified in IEC 29341, which devices on a network can use to advertise to other devices on that network that they support certain services. Such a device, e.g., an IED, that advertises services is known as a root device. Devices which listen for service announcements are known as control points. Other service advertisement protocols exist, which could also be used.

Referring to FIG. 15B, IED 1502 is configured as a UPnP root device and operates by periodically broadcasting a SSDP NOTIFY message 1520 to the UDP multicast address 239.255.255.250, port 1900 of server 1512. SSDP (Simple Service Discovery Protocol) is an extension to the HTTP protocol, which uses the commands NOTIFY 1520 to advertise services, and M-SEARCH 1522 to query for services. The NOTIFY 1520 contains information such as the location and USN (Unique Service Name), which are used by the control point to further query the root device for additional information about the service. The location parameter is an XML formatted file, called a device descriptor 1524, which contains information about the device, such as manufacturer, model, serial, and a list of services which the device supports. Each service has a type code, which identifies how the control point should interact with the service, and what features it supports. For example, network storage devices use the type “schemas-upnp-org:service:nascontrol”, and media players include services such as “schemas-upnp-org:service:ConnectionManager”. Each of these services also contain a control and event URL, which are used by the control point to send commands and request updates from the device via SOAP messages.

Additionally, control points can broadcast a SSDP M-SEARCH message to UDP multicast address 239.255.255.250, port 1900, which a root device will respond to by unicasting a NOTIFY to the requester.

Because UPnP relies on UDP multicast, it is restricted to a local network. This can be overcome through the use of gateway devices, such as routers that support bridging multicast messages across two networks, such as the use of the Internet Gateway Device Protocol, via other communication topologies described above.

In one implementation of UPnP for auto-discovery, a unique device types may be used in the model field of the device descriptor file. Control points could then detect the known device, and parse the connection information from the rest of the parameters. In another implementation, unique service type codes are to be used in the NOTIFY 1520 and M-SEARCH 1522, for example by using a “manufacturer:service:modbus” for devices which support Modbus connections, or “manufacturer:service:web” for devices which support HTTP web services. Control points could then detect the known service, and parse the connection information from the rest of the parameters. Additionally, control points could send M-SEARCH requests to elicit NOTIFY's from all devices that supported the requested connection type.

The IED may be configured to support the UPnP protocol by customizing the network discovery module 1414 for the features which the device supports. For example, service control commands may allow for a security risk in the IED, and could be left out of the implementation if not required. As another example, service events may also allow for a security risk in the IED, and could be left out of the implementation if not required. As another example, the use of specific service types, such as “manufacturer:service:modbus” could be implemented. When the device UPnP protocol was started, it could broadcast a NOTIFY with the services supported, and further repeat that NOTIFY on a timer. It could also listen for M-SEARCH requests, and respond with a NOTIFY to each requester. It could also listen for service descriptor requests, typically as web requests over HTTP, and respond with the descriptor xml file.

In a further embodiment, the network discovery module 1414 is configured to use a public server with a known address as an address book. When the IED starts, the network discovery module 1414 sends a message to the public server to register it's address, and any client may query this public server to get the address of the device. This known address may be implemented as either a fixed IP address, or a DNS address. The public server may be configured to have the entries in the address book be removed after a period of time of no activity from the IED. Therefore, the network discovery module 1414 may update the public server periodically with a new registration, but would allow dead entries to be removed. It is to be appreciated that the public server may be configured to act as a communications relay with the IED. In this way, the client never needs to know the address of the IED, nor needs there be a direct communications path from the client to the IED. For example, the client may query the public server for a list of all available devices, and the user would select which of those devices they wish to communicate to. The client may then send the messages to the public server, addressed for the selected device, which would then relay the messages on to the appropriate network address of the device. When the device responded, the public server would then relay the response to the client.

Since the public server could possibly be accessed by multiple users, and it may be desired that those users not be able to access each others' devices, therefore, a user id may be configured, where each IED registered in the public server would have a user id attached to it, possibly assigned when the user purchases the IED. This could also have the added benefit of preventing the user from reselling the device without including the original seller in the transaction. The user id may then be entered into the client software when the user queries the public server. When the client queries the public server for the list of known devices, and when it sends a message to such a device, it would include the user id, which the public server would use to verify and filter the allowed actions.

It is to be appreciated that other methods may be employed by the IED to avoid misconfiguration by the a user. For example, the network discovery module 1414 may prompt a user to verify the settings configured by the user before allowing them to be used. For example, if the user configures the device to have an IP address that is already in use on the network. As another example, if the user adds a log item that doesn't exist. In one embodiment, the IED is configured via a user interface (UI), such as a web page generated by web server module 1402, where the UI prevents the user from entering such invalid configurations. In another embodiment, when the configuration is posted to the device, for example with an HTTP POST, the data could be passed to another element of the UI, which would verify the configuration, possibly notifying the user of errors. Another possible implementation could be after the configuration has been posted to the device, it is passed to another application, which verifies that it is correct, possibly generating a report of errors that could be used by the UI to notify the user of such errors. In one implementation, the modified configuration used by the device is not implemented until the new configuration is verified.

As mentioned previously, one source of error when configuring devices is when having to update multiple devices with the same, or similar, settings. This is further complicated when there are settings which need to be different between each device. For example, the designation of each device should be different. This is further complicated when there are different settings which need to be different between each device. For example, on meter may require a different CT Ratio then all the other meters, and another meter may require a different hookup setting then the other devices.

Referring to FIG. 16 , one implementation to update multiple devices is to enable the configuration/data of the device to be exported from the target device 1602, and then imported to another similar device 1604, e.g., a recipient device, via replication module 1416. It is to be appreciated that, in another embodiment, the replication of the configuration/data data may be initiated from the receipt device 1604 which imports the configuration/data from a target device 1602, via the replication module 1602.

Referring to FIG. 17 , a method for replicating a IED is illustrated. In step 1702, an IED is selected from which configuration/data is to be exported. The replication application or module 1416 is then initiated, in step 1704. In step 1708, the replication module 1416 collects all the configurations of the device, and outputs those configurations in a file format, that can then be returned to the user, in step 1712. A replication module on another IED may then take this file, step 1714, uploaded to the other IED by the user, and parse out the configurations contained within, updating the IED, step 1718.

In one embodiment, the collected data is tagged by replication module 1416 before exporting the file, step 1710. These configuration/data files could be tagged using a text based tag-value pair format, where the tag is a key to the setting, and the value is a string representation of the value. Then, when the settings are transferred between devices, even if those devices are not the same device and thus have different internal formats and layouts for their settings, the settings in the configuration file can still be loaded and used. In one embodiment, settings or configuration data which do not apply to the recipient device can be ignored.

In other embodiments, the data is not tagged but imported from the target device 1602 based on a location where the data or configuration settings are stored, e.g., based on a map or index.

Optionally, the user may be provided with a UI where the user could select what settings they would want to export/import. Referring back to FIG. 17 , the user can select the configurations/data to export before the replication module 1416 collects the data. Alternatively, the UI on the recipient device could allow the user to select what settings they would not want to import, step 1716. For example, the communications settings may be select to not be imported. As another example, just the log settings may be selected to be imported.

Another possible implementation of the configuration files could be to have individual configuration files exported for each category of configuration, allowing individual sections to be updated independently. This could be further improved by providing the user with a UI that they could select what settings they would want to export. Then, only those settings would be imported. Alternatively, the user could select just the configuration files they wished to import.

This manual copying of configuration settings could be cumbersome. Therefore, in one embodiment, the replication module 1416 is configured to request the settings from another device, and import those settings, also known as settings replication. In one implementation, the UI enables the user to enter the network address of the device to replicate, step 1720, along with the settings to include. When the user tells the device to begin, the replication module 1416 requests the configuration files from the device to be replicated, and then imports the configuration files.

The selection of the device to replicate may be further simplified by supporting the same network discovery functionality that the external clients have. For example, a device may query the list of all other similar devices step 1722, and present that list to the user to select which device to replicate, step 1702. Additionally, the user may be presented with a list of features and settings which each device supports. One possible implementation of this could be to use the service discovery feature of the network discovery functionality, such as the service advertisement of UPnP, as described above. Another possible implementation could be for each device to provide a settings file which contains the list of all settings it supports. These lists could then be displayed to the user on the UI to assist them in deciding which device to replicate. For example, the list could be displayed as a text list of each setting supported. As another example, the list could be displayed as a list of icons, each icon uniquely identifying the setting it represents. Alternatively, the user could select which features are required for replication, and only devices which support those features would be displayed.

Sometimes, when a device is retired from service, it would be desirable for the device which it replaces to act as if it was the previous device, including the data that the previous device recorded. For example, a meter may have an error in the hardware, requiring that it be replaced. The meter has been recording voltage, current, and energy for the previous year, and that history is used, and expected, by external client software. Here, the replication module 1416 is to include data files, here called data replication. This data replication could support all the functionality previously described. This replication could be further extended by allowing the direction of the replication to be reversed. For example, a device could present a UI that would allow the user to select a device for this device to replicate to, called the target. The device could then upload it's settings and data to the target.

One implementation of the meter replication file could be to store the replication settings using XML. XML (Extensible Markup Language) is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. It defines information as a combination of nodes and attributes, such that a well defined hierarchy of information is possible. Many other formats have been defined based on XML, which could also be used, such as SOAP and XHTML.

For example, the communications settings for the device could be defined as a node in the XML document, which then contained a separate node for the communications parameters of each port. Each of these communications nodes could then specify the port settings, such as baud rate, parity, and address, as attributes, though they could also be specified as nodes.

As another example, the logging settings could be specified as a node in the XML document, which then contained a child node for each item to be logged. The item node could then specify the logging information, including the internal item to be logged, as well as the rate that it is to be logged at, as attributes. The root logging node could also provide a default logging interval as an attribute.

As another example, the XML document may contain both the communications node, the logging node, and any other sections of settings that have been defined. When importing and processing the settings, the device would then process the name of the XML node to determine what settings it refers to.

The meter replication file could be further extended by also using it for the configuration of the meters settings, as well as for the internal storage of the meter's settings. For example, the exported settings file could be manipulated on the client computer, either by hand or by a configuration software, and then imported back into the meter. As another example, a webpage displayed by the meter's web server could use JavaScript or PHP to manipulate the settings file used by the meter.

Intelligent meters may need to store the measured readings for a period of time, often in a data structure called a log. As storage media get larger, more values can be stored, and for a longer period of time. However, there is still a limit on how much data can be stored. Unfortunately, the expectation of what can be stored often outpaces the actual space to store it in. Another problem that occurs when more data is stored is that it takes longer to find any single point in the data, as more entries need to be searched.

Many common systems exist to provide the ability to store information, however, many of them focus on either providing a relation between two entries, allowing entries to be modified frequently, or storing predefined data. Devices such as intelligent meters have a unique set of requirements:

-   -   Data is infrequently inserted, but often at an even interval.     -   Data is timestamped, and most often inserted in a linear order.         This means that the data is often added by appending after the         previous related entry. The result of this is that the data is         often sorted in time naturally.     -   The data requires very few, if any, updates to existing entries.     -   Requests to read the data are often infrequent, but often         require a large number of entries to be returned. However, this         can frequently be just a large portion of the larger Log, where         the location in the log may be changing all the time.     -   New sources of data could be added, or an old one removed, at         any time. Many devices solve this problem by forcing the Logs to         be cleared and reformatted, however this could lead to a loss of         data.

In one embodiment to meet these requirements, an IED of the present disclosure includes a logging module 1418 that employs a general purpose database 1800, such as relational databases like PostGreSQL, SQLite, or a custom database built for the purpose, and store the data for each data source, here called a channel, in a separate table 1804, as shown in FIG. 18 . Employing a general purpose database 1800 provides the following advantages. First, segregating the channels from each other allows you to query just the data you are looking for, without requiring that the channels be hard coded, or uniform. Second, the table size is kept small, which minimizes the processing required to filter the records that are being requested. Thirdly, since each table is unique to a channel, extra information about which channel a record applies to need not be stored, which can save significant space when many records are stored.

It is to be appreciated that the term channel refers to any data item that can be logged. For example, volts AN may be a channel, but so could internal watt-hr readings, current time, processor usage, allocated memory, etc.

To index each of these channel tables 1804, a channel reference table 1802 is configured to indicate which table contains which channel. The channel reference table 1802 may also contain analysis information about each channel, such as the time range of the data contained within, to help optimize access to the data without hard coding what the channels contain.

The logging module 1418 may be further configured to analyze existing logs and to reduce the amount of space that the log takes when possible. In one embodiment, the logging module 1418 compresses each entry of the log, called a record, so as to reduce the size it takes. In another embodiment, the logging module 1418 combines records of a channel on a time range. For example, all the records for Volts AN for a single day could be combined into a single record, where a binary representation of each of the original records is stored in a single binary array of the resultant record. This results in an increase in speed querying records, as the number of records searched over would be reduced. Since the individual records in the binary array would be in a time sorted order, and a small search space, little performance hit would be seen parsing out the single records required. This also results in a decrease in the space required to store the records, as many databases require additional maintenance space for each record.

Combining records may be further improved by compressing the binary array stored in the combined record, further decreasing the space required, while only requiring a small speed hit decompressing the binary array when queried. The compression could be implemented by the logging module 1418 by compressing the data at the time of combining the records. The decompression could be implemented by a client at the time of request. The decompression could also be implemented by the data type of the database, expanding to fill the record set being returned to the application on request.

In another embodiment, the logging module 1418 may only combine the records after a period of time has elapsed, or the records are of a certain age, as shown in FIGS. 19 and 20 . For example, the most recent month of records could be kept uncombined, and all records prior to that could be combined. This would allow faster and easier access to recent data, as it would not require reversing the combining. Referring to FIGS. 19 and 20 , the logging module 1418 may be configured to periodically check the log data stored in the database, and combines records which are over a configured date range from the current date. Initially, in step 1902, the logging module 1418 queries the data tables 1804 to determine if any of the data is outside of a predetermined range, e.g., a particular month. If the data is within the predetermined range, step 1904, the logging module 1418 continues to monitor the data. If the data is not within the predetermined range, the logging module 1418 combines the data outside the predetermined range into a single block, step 1906. Next, in step 1908, the block is compressed and inserted as a record in the table 1804, step 1910. This data is then removed from the channel data, step 1912. As shown in FIG. 20 , data table 1804 includes current data 1810, e.g., data with the predetermined range, and references to compressed data 1812. For the current data 1810, a time field 1814 indicates a time the data was recorded and a value field 1816 includes the recorded value. For the compressed data 1812, a time field 1814 indicates a range of the compressed data, e.g., the month of January, and a value field 1816 includes a reference to the compressed block 1818.

Additionally, the logging module 1418 may scan the records at the time of insert, and combine any uncombined records which are outside the current date range. Furthermore, this functionality may be implemented in the database engine itself, combining and uncombining the records transparently to the applications that read and write to the database. For example, this could be implemented as a custom data type that stores a time sorted array of values. As another example, this could be implemented as a custom action, such as a stored procedure, which performs the check and combine whenever records are inserted to the database. As another example, this could be implemented as a custom database table format, along with a custom interface to that table, that reads and writes the records appropriately.

Users often expect data to be available for the length of time that there is enough storage to hold. However, many devices require that their logs be cleared and reformatted if any changes were made to related settings. For example, many devices store their channels by combining each channel into a single record. If the list of channels that are being stored changes, this requires that the log be cleared and reformatted. If the user does not store the data locally, then the data is lost. Additionally, even if the user does store the data locally, they must then provide a way for that data to be transferred to other users, as they can no longer go to the device for the data.

On many devices, this problem is mitigated by the fact that the device only has a limited space in which to store records, often being exceeded before such configuration changes require action. With the space for long term storage however, this issue must be addressed. By storing log data where each channel is stored as its own table, as described above, the need to change the format of the log when a channel is added or removed is eliminated.

A related issue to long term storage of reconfigured data is how to store and represent the data, when the configuration of how to interpret that data changes. For example, devices such as meters often have two versions of the voltage they measure: the primary value, which is presented to the user, and the secondary value, which is directly what the device reads. The primary value could be much higher than the device is capable of measuring, so the value is scaled down to the input range of the device, and a ratio, called the PT ratio, is applied to scale the value back up to the original range. If the secondary value is stored, and the PT ratio is changed, then the primary value may not be recoverable. As another example, users often want to see the energy values scaled with a certain number of decimal places, which is sometimes hard coded in the stored format of the energy.

In one implementation, the IED 1100 includes a formatting module 1420 configured to format measured and logged data. So that log values do not have to be cleared when settings are changed, the formatting module 1420 stores all values in the final format, such that even if the configuration of the device is changed, the values are still meaningful. For example, voltage could always be stored in primary. As another example, energy could always be stored as a binary number, scaled to units.

In another embodiment, the formatting module 1420 stores all values as text strings. This would easily allow the values to be of arbitrary resolution, though they would always be unit scaled. For example, voltage could be represented as “120.7”. As another example, 75.3 kilo-watt-hours could be represented as “75300”.

The formatting module 1420 may be further configured to keep track of the settings which relate to a channel, and then uniquely tie that to each value, such that the correct value could be reproduced when necessary. In one embodiment, the formatting module 1420 created a settings history table, which is referenced by the channel values. This has the added advantage of being able to view the history of settings in the device.

Users often want data to be presented to them in a specific format, which may not match the internal storage format. Therefore, the formatting module 1420 may be further configured to include conversion functionality, such that if the user asks for data in a specific format, the conversion functionality reformats the internal data into the requested format. Since only the one format is ever internally stored, no extra space is required. For example, the user could ask for a csv file with the log data, and the functionality could convert the internal database data into string timestamps and values, and return the requested file. In one embodiment, the formatting module 1420 includes an application for each format required, where each application would take as input the parameters of conversion, such as the channels required, and output a file in the new format. In a further embodiment, the formatting module 1420 may be configured to output the new format to an interface string buffer, called Standard Out, which another application could take as input, called Piping. These applications could then be called by UI applications, such as the web server application, to acquire and present the formatted data to the user.

The conversion could be further improved by adding value to the formatted data. The formatted data may be displayed in a graphical format, such as a graph. Another possible way to add value could be to analyze the data, and generate a report. Another possible way to add value could be to aggregate multiple channels together, to generate a new data set. For example, 2 pulse accumulators could be added together to give a 3^(rd) accumulator value. As another example, a pulse accumulator could be subtracted from a energy accumulator, to give a 3^(rd) accumulator value.

The conversion could be further improved by passing the formatted data to another application, that generates a report file in a more common format. For example, a csv file could be generated, then passed to an application that converts that data to a PDF report. As another example, the formatting module 1420 converts the internal data to a csv file. As another example, the formatting module 1420 generates a graph of a channel's value over time; this graph may be outputted as a picture file, or as a set of data that could be graphed by another application. As a further example, the formatting module analyzes the energy usage over time, applies a time of use rate structure to the interval energy usage, and outputs a file where the energy usage is aggregated and binned according to the rate structure. As yet another example, the formatting module 1420 analyzes the measured readings over time, and prepares a standards report, such as an EN50160 report. As another example, the formatting module 1420 analyzes the power quality recordings of the device over time, attempts to detect problems with the system that the device is measuring, and presents a report to help the user detect problems.

The use of the conversion to query data for the user could be further extended by dynamically generating the parameters to the conversion application from the UI. For example, the web server application 1408 may have a page that takes a dynamic parameter list as input to the page as part of the address. These parameters could then be passed to the conversion application. These parameters could include the channels to use, the date range to query, the format of the output.

In addition to channel data, the above mentioned techniques could also be applied to other logged values, such as power quality events, system logs, and waveform captures. In these cases, the data unique to that event is the ‘data’ of the channel described in the above techniques.

With multiple applications performing the analysis and storage of log data, it is important to know when that data should be stored, and to synchronize what data is stored. For example, an interval log may want to record every 15 minutes; if the data is recorded at 12:15:17, then it is late, and not valid. As another example, if a waveform event occurs, such as a sudden dip in the voltage measured, a power quality event may be recorded, as well as the waveform sample data, as well as the measured readings at the time of the event. If all these records do not refer to the same point in time, then the event cannot be fully analyzed.

The logging module 1418 is further configured to detect a system wide event, which the logging module 1418 wait on to record their data. In one embodiment, the logging module 1418 watches for such events, and when they occur, generates this event. When each individual logging application sees this event, they record their relevant data.

In another embodiment, this trigger may be caused by a user action, such as clicking a button on a web page. This user trigger may be configured to allow the user to specify a number of repeats, an interval between those repeats, a period in which to apply this logic, and a set of logic that would lead to that trigger occurring. For example, a trigger could be set up that performs a waveform capture every minute for 10 minutes. As another example, a trigger could be set up that triggers if a digital input reads 1, and voltage is above 130v, and it is between the hours of 6 pm and 6 am.

Since the logging module 1418 may not have the ability to capture the relevant data before that data is replaced, the logging module 1418 will record the trigger of the event including the buffer index of the data in question. This way, each of the loggers can be synchronized in time. For example, if the watch application detects an event in data buffer 17, and when the logging applications go to record that data the current data buffer is 23, they can query the data from buffer 17 to be logged. The use of the buffer index could be improved by the logging applications also being able to query the buffers before and after the event's buffer index. This would allow logging applications to record information about a larger period of time. For example, a waveform logger could log the waveform samples from before and after the event, giving a picture of what led up to the event, and the after effects.

Users often use multiple browsers to view webpages, such as Internet Explorer, Firefox, Opera, Chrome, and Safari. As each of these browsers work differently, webpages that use JavaScript must often contain additional code to detect and work properly on each of these browsers. Additionally, the method of manipulating a webpage with JavaScript, which uses the webpage's DOM, or Document Object Model, is confusing, difficult to use, and can be error prone. Additionally, JavaScript provides poor support, which is often browser dependent, for processing data files transferred from the device.

One implementation is to configure a JavaScript library which extends and simplifies these tasks, on the webpages presented by the device's web server. For example, a JavaScript library could be used to read a list of waveform samples from the device, and another JavaScript library could be used to draw an oscilloscope of the waveform on the webpage. This has the added benefit of reducing the amount of data transferred from the device to the client, as a list of samples is smaller than a picture rendered on the server. As another example, a JavaScript library could be used to simplify the generation of tables of log records, including historical value records, system events, or power quality events. As another example, a JavaScript library could be used to periodically query for new data, and display that data live. As another example, a JavaScript library could be used to perform an asynchronous query of data, such as using Ajax, so the webpage could continue to be updated while the device transfers the data to the client.

One such library is jQuery, a multi-browser JavaScript library designed to simplify the client-side scripting of HTML. jQuery's syntax is designed to make it easier to navigate a document, select DOM elements, create animations, handle events, and develop Ajax applications. jQuery also provides capabilities to create plug-ins on top of the JavaScript library. This enables abstractions to be created for low-level interaction and animation, advanced effects and high-level, theme-able widgets. The modular approach to the jQuery library allows the creation of powerful dynamic web pages and web applications.

Another such library is Dojo Toolkit, a JavaScript framework targeting the many needs of large-scale client-side web development. For example, Dojo abstracts the differences among diverse browsers to provide APIs that will work on all of them (it can even run on the server under Node.js); it establishes a framework for defining modules of code and managing their interdependencies; it provides build tools for optimizing JavaScript and CSS, generating documentation, and unit testing; it supports internationalization, localization, and accessibility; and it provides a rich suite of commonly-needed utility classes and user-interface widgets.

Another such library is D3.js and Protovis, JavaScript libraries to display digital data in dynamic graphical forms. Embedded within an HTML webpage, the JavaScript D3.js library uses pre-built JavaScript functions to select elements, create SVG objects, style them, or add transitions, dynamic effects or tooltips to them. These objects can also be widely styled using CSS. Large datasets can be easily bound to SVG objects using simple D3 functions to generate rich text/graphic charts and diagrams. The data can be in various formats, most commonly JSON, CSV or geoJSON, but, if required, JavaScript functions can be configured to read other data formats. The atomic concept of D3 design is to first use a CSS-style selector to select a given sets of DOM-nodes, then use operators to manipulate them in a similar manner to jQuery.

Many other such JavaScript libraries which provide webpage manipulation, data querying, and graphic drawing functions exist, and could also be used.

As stated above, the IEDs of the present disclosure, for example IED 10 or IED 1100, may be configured to provide more efficient update procedures for packages on an IED while decreasing any interruptions to the functionality of the IED during the update. It is to be appreciated that a package is a collection of files, scripts, and descriptive information, which may be used in combination to install and uninstall updates to the IED. Files may include, but are not limited to: resources such as pictures, web pages, configuration files, documentation, test files, and software instructions; executables such as compiled firmware binaries, compiled software binaries, uncompiled source code, and script programs; and package information files, which provide information about the package. The descriptive information, further more known as the ‘header’, though not limited to the beginning of the package, contains information to be used by the updater application, e.g., update application or module 1410. The descriptive information may include, but is not limited to, the following: a package name, which could be used by the updater to distinguish one package from another; a package version, which could be used by the updater to determine if the package is newer then the one already installed; a package dependency list, which could be used by the updater to ensure other required packages are installed before installing this package; a package signature, which could be used by the updater to ensure that the package is valid, and not modified by some third party; package update notes, which could be displayed to the user if the user is given the option to decide if the package should be updated, or could be entered into a log as part of the update process; a package manifest, or list of contained files, which could be used by the updater to verify the contents of the package; and a list of supported features of the package, such as install, uninstall, upgrade, and modify, which could be used by the updater to determine which scripts to run and which updater actions can use the package. The scripts are a sequence of instructions run by the updater to perform an install action. Install actions may include, but are not limited to, installing a new package, uninstalling an existing package, upgrading an existing package using a new one, and modifying the features and settings of an existing package. The instructions in the script may be used to perform part of the install action, and may include actions such as, but not limited to, copying files from the package to an install or resource directory, deleting existing files, modifying entries, stopping applications and services, starting applications and services, and sending commands to other applications on the IED. An exemplary package may be a Modbus Server Package, in which the install script shuts down the existing Modbus server application, copies the application binaries to the IED, updates the Modbus configuration map with a new file from the package, executes a settings update program to update the configuration with the IED specific properties, and finally starts the Modbus server application.

Below, various techniques for updating the packages of IEDs either via a remote server or through other methods are disclosed in greater detail in accordance with an embodiment of the present disclosure.

In one embodiment, an IED, for example IED 10 or IED 1100, may run under a general purpose operating system (as described above in reference to previous embodiments). For example, the general purpose operating system used on the IED may be Linux operating system. Additionally, the firmware system on the IED has three layers: (1) low-level driver modules, (2) mid-level system libraries, and (3) high-level user application. The mid-level system library is developed as a Hardware Abstraction Layer (“HAL:), where the high-level user applications must call the mid-level system library to gain access to the IED's raw data. For example, in one embodiment, interface application 1206, described above and shown in FIG. 12 , functions as the mid-level system library to bridge the hardware and the user applications on IED 1100.

One advantage in the presently described configuration is the IED's hardware can be changed and there will be minimal impact on the user applications. Additionally, the IED uses a modular design in the high-level user application layer. In other words, each application in the high-level user application layer will perform a specific task to minimize mutual dependency among modules. Therefore, installing or removing an application on the IED described in the present disclosure will, in most cases, not affect the other applications on the IED.

As stated above, the three-layer firmware system is designed to minimize the firmware dependency between user applications on the IED. In one embodiment, the mid-level system library interface will be stable over the IED's lifetime. Furthermore, in the production phase, the mid-level system library will not change unless a major system upgrade is essential. If a change to the mid-level system library is made, it is recommended that the change is an incremental change through the addition of APIs (Application Program Interfaces). It is to be appreciated that the addition of APIs will make the system backward compatible.

To minimize mutual dependency between user level applications, in one embodiment, every application's runtime parameter is configured through its own XML configuration file. For example, in one embodiment, the IED includes an application (e.g., Modbus_server) to respond to user requests from the Modbus channel. If the user wants to change the system time, the user can call the system library (e.g., interface 1206 shown in FIG. 12 and described above) of the securedOP API (e.g., security 1411 shown in FIG. 14 and described above) to change the system time. If the Modbus packages need to be updated, the IED is configured to stop the Modbus server, install the updated Modbus package, and restart the Modbus server. From the prospective of the user using the IED, the user will only notice a brief service interruption (e.g., one or two seconds).

It is to be appreciated that in accordance with the current embodiment, there are three packages which differ from other applications: (1) the application monitor; (2) the data_server; and (3) the security server. The application monitor is configured to start, stop, and monitor the health status (i.e., proper operation) of other applications that are running on the IED. It is to be appreciated that the application monitor may be the same as process management component 1108 described above and shown in FIG. 11 . In one embodiment, if the application monitor is not operating properly, the IED is configured to reboot the system via a hardware watchdog (as described above). The data_server is configured to maintain a live data stream buffering from the DSP in the IED. If the data_server is not operating properly, all other applications may have frozen data, or even stall if the applications call a wait_syc( ) function. In one embodiment, when the data_server is not operating properly, the IED is configured to restart the data_server, and the application monitor is configured to restart all other applications. The security server is configured to check user permissions and perform pre-defined secured operation, including, but not limited to, firmware updates, changing of the system time, and the changing of programmable settings. It is to be appreciated that if the security server is not operating properly, the IED is configured to restart the security server while continuing to run any other currently running applications.

As will be described below, each installation package contains two scripts: an install.sh script and an uninstall.sh script in addition to the new files to be installed on the IED. In one embodiment, the IED includes an updater program that has the privilege to install and remove a package. It is to be appreciated that in some embodiments the updater program may be the same as update module 1410 in IED 1100. In some embodiments, updater program may be included in a processor of IED 10, such as CPU 50, or an associated memory. It is to be appreciated that the two scripts included in the installation package are human readable and contain information about the IED's internal file structure. Therefore, the installation package needs to be encrypted in the production phase. Furthermore, for security reasons, it is not desirable for the installation package to be altered by a third-party and allowed to be installed on the IED. Therefore, in one embodiment, the updater program in the IED is configured to reject any installation packages that have been altered. As will be described below, the IED is configured with robust security measures to authenticate any installation package before the installation package is installed on the IED. The updater program will be described in greater detail below.

In one embodiment of the present disclosure, the IED is configured such that, when an update is installed (e.g., on a memory or processor of the IED, such as memory 20 and/or CPU 50), the executable binary of the update will not erase the existing data on the IED if the new binary can use the same data file or database. Therefore, the data and binary are separated into different packages, where the data package contains the basic data file folder or databases, and the binary package contains the execution and configuration XML files. Alternatively, if the old data on the IED must be removed, the binary package installer script will include data backup operation procedures.

Furthermore, it is to be appreciated that each installation package shall include a removal script. Additionally, the updater program will be configured to conduct a dependency check in the server package list XML file. For example, let package A depend on package B. If a user wants to remove package B, the updater program is configured to recognize the dependency of package A on package B and to ask the user for confirmation to remove package A when package B is removed. Alternatively, if the user wants to install package A, the updater program is configured to recognize the dependency of package A on package B and to ask the user for confirmation to install package B in addition to package A. It is to be appreciated that, in some embodiments, this process can be configured to occur automatically (i.e., without the request for user confirmation to install or remove dependent packages) so that the installation process is not interrupted.

In the currently described embodiment of the present disclosure, new packages can be installed onto the IED in at least three ways: (1) production installation; (2) remote update server installation or (3) push mode operation. Production installation occurs when the IED is manufactured. During production installation, new packages are installed onto the IED's compact flash card (e.g., memory 20 of IED 10 or compact flash 137 of TED 1110) via direct connection to an external production PC with a compact flash reader adapter or via a push file transfer protocol, such as, but not limited to Secure Copy Protocol (SCP).

Alternatively, after the production installation, the IED can be coupled to a network (such as networks 422, 522, or 622 described above and shown in FIGS. 4-6 ) via a communication interface, such as, communication device or interface 24 of IED 10, and updated remotely over the network via a remote update server or via push mode operation.

In one embodiment, a user can upload a new package to the IED (i.e., an update for an existing package on the IED). To upload the new package to the IED, the user may use communication software configured to communication with the IED via a hardwired or wireless interface. Alternatively, a processor and/or memory of the IED (e.g., CPU 50 and memory 20 of IED 10) may maintain a web page that is accessible by a user, e.g., via a software program such as a browser. The web page may include an interface that gives the user the option to select a file (i.e., the new package) from the user's local hard drive (or a portable memory device coupled to the user's computer) to upload to the web page maintained by the IED. In this embodiment, the IED is configured such that when a file is uploaded to the web page by the user or directly to the IED via a communication software, the updater program is triggered (e.g., by a time schedule, manual input by a user, etc.) to update the existing package installed on the IED with the new package uploaded by the user. This method of updating the IED is called push mode operation.

In one embodiment, the updater program can be configured to check the remote update server for new packages and install the new firmware version if permitted. The IED includes a local package list file (e.g., stored in memory 20 of IED 10) that lists all the installed packages. In one embodiment, local package list file may be /etc/update/local_package_list.xml. Below a sample local package list is shown in accordance with the present disclosure, where each package on the list includes a package name, version, date, and md5hex:

<?xml version=“1.0” encoding=“utf-8”?> <root><package name=“ipswitch.led” version=“0.01.002” date=“2015/1/11 22:37:20.848” md5hex=“d8575e038371eea4117a3788a716879e” /> <package name=“appmon” version=“0.02.009” date=“2015/1/6 0:11:5.270” md5hex=“48095ccbd84171f441778e8051684201” /> <package name=“security.server” version=“0.03.010” date=“2015/1/6 18:43:34.681” md5hex=“4a489c5c4634baabdce6363c5b17ac1d” /> <package name=“kool.phpsuite” version=“trialversion_80” date=“2015/1/6 20:44:43.532” md5hex=“114356b5eddbc991b9d98feb1df20642” /> <package name=“web.pages” version=“0.02.004” date=“2015/1/6 20:58:14.153” md5hex=“a7d7ba4c66710cffe21f09daf09ce60f” /> <package name=“corelog.data” version=“0.03.003” date=“2015/1/7 19:47:27.202” md5hex=“349048c64acd6619667fa17800c94733” /> ....</root>

Furthermore, the remote update server includes a server_package_list.xml, which lists all the packages on the server that are available to be installed on the IED. It is to be appreciated that the server may be any one of servers 440, 540, 640, coupled to networks 422, 522, 622, respectively. Below, a sample server package list is shown, where each package in the list includes a package name, version, date, removable, size, md5hex, and file name:

<root> <package name=“appmon” version=“0.02.009” date=“2015-01-05 10:00” removable=“no” size=“54548” md5hex=“48095ccbd84171f441778e8051684201” file=“appmon_0_02_009.pak”/> <package name=“lib.utilities” version=“0.01.001” date=“2014/12/31-18:00” removable=“no” size=“136105” md5hex=“ef79db280d64544bfc6751f6afe11cee” file=“lib_utilities_0_01_001.pak”/> <package name=“lib.user5” version=“0.01.001” date=“2014/12.31-13:45” removable=“yes” size=“10649” md5hex=“e030b3f3487815d269c3011f5c50c4f9” file=“lib_user5_0_01_001.pak”/> .... </root>

It is to be appreciated that the “removable” attribute for each of the packages in the list shown above describes whether a package is necessary to the operation of the system on the IED and can be removed. For example, if a “no” appears next to the “removable” attribute, that package is necessary to the system and cannot be removed. However, even if a package cannot be removed, the user can update the package when a newer version becomes available. Alternatively, if a “yes” appears next to the “removable” attribute, that package can be removed as the package is not necessary to the system.

The updater program is configured such that it can check the local package list and the server package list to compare the lists. For example, the updater program may send a request for the server package list to the server and receive the local package list from the server. The updater program may then compare the received server package list from the server with the local package list. When comparing the two lists, the updater program can determine if the server package list has newer versions of the packages that are on the local package list (i.e., the packages on the IED). If the server package list has newer versions of the packages on the local package list, the updater program can update the packages on the local package list that are on the IED.

In one embodiment, the updater program is executed by CPU 50 of IED. In this embodiment, CPU 50 sends a request for the server package list to the remote server via communication interface 24. The server then sends the server package list to CPU 50 via communication interface 24. Then, CPU 24 compares the local package list that is stored in memory 20 and includes the list of currently installed packages on the IED 10 to the packages included on the server package list received from the server to determine if there are any newer version of any of the packages installed on IED 10 available for update via the server.

In another embodiment of the present disclosure, the updater program can be configured such that the user can issue commands to update the packages on the local package list of the TED. For example, the commands the user can issue include, but are not limited to, update list, update, check update install xxx.xx, or update remove xxx.xx to list, check install and remove a package. In one embodiment, where the updater program is executed by CPU 50, a user may send a user command to the updater program via communication interface 24, either via a hardwire connection or a wireless connection to communication interface 24.

For example, below a demonstrative usage of a user inputted command is shown. In the example below the user has inputted an “update list” command:

#>/root/update list Package names Server Version Local Version  (1) updater 0.1.1 0.1.1  (2) modules 0.1.0 0.1.0  (3) lib.system 0.04.0002 0.04.0002  (4) lighttpd.setup 1.4.31 1.4.31  (5) syslogd.setup 1.5.00 1.5.00  (6) program.setting 0.01.002 0.01.002  (7) data.server 0.04.0001 0.04.0001  (8) security.server 0.03.009 0.03.008 (x)  (9) appmon 0.02.005 0.02.005 (10) modbus.server 0.03.001 0.03.001 (11) trending.log 0.02.002 0.02.002 (12) limit.logger 0.02.001 0.02.001 (13) ipswitch.led 0.01.001 (14) web.pages 0.02.003 0.02.003

As shown above, the “update list” command yields a list of all the packages on the local package list and the server package list, so that the availability of newer packages can be identified to update the packages currently installed on the IED. As seen in the list above, the output of the “update list” command shows that the local version of package #8 “security.server” has an “x” next to it. The “x” is used to indicate that there is an available update for the package on the server. Furthermore, as seen above, package #13 is missing in the local installation. Therefore, after identifying that package #13 is missing, the user could choose to download this package as well.

It is to be appreciated that, in one embodiment, one or more of the packages available for update, or new installation, may be a package that provides new or additional functionality to the IED, e.g., a new feature package. It is to be appreciated that a new feature package may add various functionality to the IED such as data logging, harmonic analysis, CT/PT compensation, limit and control functions, waveform recording, etc. A new feature package may be installed on the IED after production of the IED, where a user of the IED may pay some additional fee to install and use a new feature package on the IED. In one embodiment, the IED and/or the remote server is configured to determine if one or more of the available package updates is for a package that is a “new feature package” and will only update a “new feature package” if the package has been paid for by the user of the IED. After an initial install of a new feature package, the package is added to the local package list and will subsequently be updated when a new version of the new feature package is available via the various methods described herein.

Another usage of a user inputted command is shown below. In the example below, the user has inputted an “update check” command:

#>/root/update check Package names  Server Version Local Version ( 1) security.server 0.03.009 0.03.008 name: security.server version: 0.03.009 filename: security_server_0_03_009.zip filesize: 547905 md5hex: d22deed5e0334c69a183cb6e24c9ccd4 description: security server and scripts file size 0 MD5hex=d22deed5e0334c69a183cb6e24c9ccd4/d22deed5e0334c69a183cb6e24c9ccd4

The “update check” command instructs the updater program to check the server package list for any available updates. If the updater program finds a package on the local package list that needs to updated, the updater program will automatically update the package. For example, as shown above, as a result of the “update check” command inputted, the security.server package is identified as needing an update and the update is automatically installed.

Additionally, the user can input a command to manually install a package. For example, in one embodiment, the command may be #>/root/update install ipswitch.led. Furthermore, the user can input a command to manually remove a package. For example, in one embodiment, the command may be #>/root/update remove ipswitch.led. It is to be appreciated that the commands described above are merely a subset of all the possible commands that a user can input into the updater program in accordance with the present disclosure. Furthermore, it is to be appreciated that the updater program is configured such that inputted commands will only be executed if the inputted commands are received from a privileged user logging on to the IED. Additionally, it is to be appreciated that, in some embodiments, user commands may be inputted remotely by a user via web server 1408 in IED 1100. Alternatively, the user command may be inputted by a user directly on IED 1110 through command interface 1409 when the IED 1100 is in debug mode, or, during production, user commands can be executed through SecuredOP APIs 1411.

Turning to FIGS. 21A-B, an exemplary file structure 2102 for files on a remote server is shown in FIG. 21A and an exemplary file structure 2150 for files on an IED (e.g., a meter) is shown in FIG. 21B in accordance with an embodiment of the present disclosure. It is to be appreciated that one or more of the files of file structure 2150 may be stored in a memory of an IED, such as memory 20 of IED 10.

File structure 2102 includes folder 2104, where folder 2104 includes a URL that specifies a publicly accessible location of packages that can be installed on an IED, such as IED 10 or IED 1100. For example, the files in file structure 2102 may be stored in any one of servers 440, 540, 640, described above, and accessible by an IED. It is to be appreciated that the packages made available via the URL stored in folder 2104 are encrypted to ensure only authorized users may make use of the packages. File structure 2102 also includes a configuration file 2108, where the configuration file 2108 includes a list of all the currently available packages for download. It is to be appreciated that the list in file 2108 may be a text or XML file (as described above), where the text or XML file includes information related to each package listed such as, but not limited to, the package name, version string, build date, dependency, checksum, and a package file name. Example 2120 shows an exemplary XML file that may be included in file 2108, where the package name is “updater”, the version string is “0.2.1”, the build date is “2010/12/17 09:03:00.0000”, and the file name is “package.zip”.

It is to be appreciated that each package listed in configuration file 2108 may include a corresponding sub-folder 2106, where the name of the sub-folder 2106 is identical to the package name listed the configuration file 2108. For example, the name of the sub-folder 2106 of the exemplary package shown in example 2120 would be “updater.” It is also to be appreciated that each sub-folder 2106 may include several version folders 2110 (for version trackability), where the version folder name is identical to the version string in the configuration folder 2108. For example, the version folder name of the version folder 2110 of the exemplary package shown in example 2120 would be “0.2.1”. It is to be appreciated that each version folder 2110 within a given sub-folder 2106 represents a different version of package corresponding to the sub-folder 2106.

Each version folder 2110 includes an encrypted package file 2116. As described above, each package 2116 listed in configuration file 2108 includes an installation script 2112, a removal script 2114, and the files 2118 to be installed as part of the package file 2116. It is to be appreciated that the name of each package file 2116 is the same as the package file name listed in configuration folder 2108. For example, the package file name of the package file 2116 corresponding to the exemplary package shown in example 2120 would be “package.zip”. It is to be appreciated that if the naming convention for sub-folder 2106, configuration folder 2108, and version folder 2110 is used, a client device (e.g., IED 1110) attempting to access a remote server hosting packages can locate a given package directly using the package name, version string, and package file name included in the XML file in configuration folder 2108.

Turning to FIG. 21B, a file structure 2150 that is included in an IED, such as IED 1100, is shown in accordance with the present disclosure. The IED may include an updater program 2152, which is configured to check for updates for packages installed on the IED, where the updated packages are on a remote server, as described above. It is to be appreciated that, in some embodiments, the updater program may be the same as update module 1410 in IED 1100. Furthermore, it is to be appreciated that updater program 2152 is configured to output a web friendly JSON file 2156, which can be stored in a web server accessible folder that is maintained and stored on the IED. The JSON file 2156 can be then requested by a user's client PC to display the IED's package information to a privileged meter user. For example, the updater program 2152 may store what packages are currently installed on the IED, when they were updated, and what updates are available in the JSON file 2156. This file may then be accessed by a privileged meter user by requesting the JSON file 2156 from the web server accessible folder in the IED.

It is to be appreciated that the JSON file 2156 may also be used for the push mode operation method of updating a package on the IED, as described above. A user may access the JSON file 2156, for example, via the user's web browser, to determine if a package update should be uploaded to the IED. The user may then upload a package update to the IED (either via a web interface or a communication software, as described above), where updater program 2152 is configured to automatically update an existing package on the IED using the uploaded package update from the user.

Updater program 2152, shown in FIG. 20B, may be stored in a memory or a processor of an IED, such as memory 20 and CPU 50 of IED 10 or CPU 1103 of IED 1100. Updater program 2152 is configurable via configuration file 2158, where configuration file 2158 is included in configuration folder 2154. It is to be appreciated that configuration folder 2154 is configured such that configuration folder 2154 can only be accessed by authorized applications and users. Configuration folder 2154 also includes a local package list file 2162, where file 2162 includes a list of all the locally installed packages on the IED. File 2162 includes information related to the packages installed on the IED, such as, but not limited to, the package names, version string name, build date, and checksum. In some embodiments, file 2162 may be an XML file. For example, an exemplary XML file that may be included in file 2162 is shown in example 2164.

The presently described IED also includes a temporary folder 2160. Temporary folder 2160 may be used by updater program 2152 to temporarily store newly downloaded packages (found on the remote server), so that the newly downloaded packages may be installed onto the IED. It is to be appreciated that the location of the temporary folder 2160 is also configurable through the configuration file 2158.

Turning to FIG. 22 , a flowchart illustrating a method 2200 for updating an IED is shown in accordance with an embodiment of the present disclosure. It is to be appreciated that method 2200 may be used with any IED that is coupled to a network and includes the updater program 2152 described above. For example, the method 2200 may be used with any one of IEDs 410, 412, 414, that are coupled to network 422, IEDs 510, 512, 514 that are coupled to network 522, and IEDs 610, 612, 614 that are coupled to network 622, or IED 1100. It is to be appreciated that the updater program may be stored on a memory of an IED, such as memory 20, or alternatively stored and executed in a processor, such as, CPU 50 or CPU 1404. Furthermore, it is to be appreciated that, in some embodiments, the updater program may be the same as update module 1410 described previously in the present disclosure.

Initially, the updater program 2152 in the IED will receive a request to install a package, in step 2202. It is to be appreciated that the request may be sent to the IED via a computer coupled to the IED remotely through a network as described previously in the present application. The request may be received by a communication interface of the IED, such as communication interface 24, and provided to a processor of the IED, such as CPU 50. When the updater program 2152 receives a request to install a package, the updater program 2152 will check if the package name is available on the remote server's package list 2108, in step 2204. It is to be appreciated that the remote server package list 2108 may be on any one of servers 424, 440, 524, 540, and/or 640 from the embodiments described above. In one embodiment, the IED checks the remote server package list 2108 by sending a request to the remote server to receive the remote server package list 2108 from the server.

If, the updater program 2152 determines that the package name that was requested to be installed on the IED is not on the remote server's package list 2108 in step 2206, the updater program 2152 will discontinue communication with the remote server and provide the user with an error message, in step 2208. It is to be appreciated that the message may be provided to the user by displaying the message on the IED (e.g., via a multimedia interface, such as multimedia interface 22) and/or sending the message to be displayed on the computer the user is using that is coupled to the IED via a network, e.g., via e-mail.

Alternatively, if the updater program 2152 determines that the package name that was requested to be installed on the IED is on the remote server's package list 2108 in step 2206, the updater program 2152 will then check if the package has a dependency on any other packages, in step 2210. It is to be appreciated that the updater program 2152 can check for any dependencies by checking the remote server package list 2108, which includes information pertaining to any existing dependencies. If the updater program 2152 determines that the package has dependency on any other packages in step 2212, the updater program 2152 will call install( ) recursively to install the dependent package, in step 2214. It is to be appreciated that, in one embodiment, when the updater program 2152 calls install( ) to install the dependent package, the updater program 2152 downloads the dependent package from the remote server including packages for the IED. Then, the updater program 2152 will check the package name of the requested package in the remote server package list 2108, in step 2204. Ultimately, the updater program 2152 will return to step 2212 and determine that all dependent packages have been installed and the updater program will continue to step 2216.

Alternatively, if the updater program 2152 determines that the package does not have any dependencies on other packages in step 2212, the updater program 2152 will download the package from the remote server, in step 2216. It is to be appreciated that any package downloaded by updater program 2152 from the remote server may be stored in temporary folder 2160, where temporary folder 2160 may be stored in a memory of an IED, such as memory 20.

After downloading the package, the updater program 2152 will decrypt the downloaded package, in step 2218. It is to be appreciated that within the decrypted package, there is a package header. The package header contains essential identifying or authenticating information for each package, such as, but not limited to, package name, size, version, and checksum. It is to be appreciated that the package header will be discussed in greater detail below.

After the downloaded package has been decrypted, the updater program 2152 may determine if the decrypted package is authentic, in step 2220. In one embodiment, to determine the authenticity (i.e., the package hasn't been altered) of the decrypted package, the updater program 2152 will read the authentication information in the package header for the decrypted package and compare it to the authentication information on the remote server's package list 2108 for that package to authenticate the downloaded package (as will be described in greater detail below). If the updater program 2152 determines that the decrypted package is not authentic, the updater program 2152 will provide an error message to the user, in step 2208. Alternatively, if the updater program 2152 determines that the decrypted package is authentic (i.e., the authentication information in the header matches the authentication information on the remote server's package list 2108), then the updater program 2152 will unpack (e.g., unzip) the decrypted package onto a temporary location 2160 on the IED in step 2222, and run the installation script (i.e., install.sh), in step 2224 to install the downloaded package on a memory or processor of the IED, such as memory 20 or CPU 50.

It is to be appreciated that there are other methods for determining the authenticity of a decrypted package in accordance with the present disclosure. For example, a digital signature algorithm, such as, but not limited to, Elliptic Curve Digital Signature Algorithm (ECDSA) may be used to ensure the authenticity of a decrypted package. Digital signature algorithms may use a private and public key to generate and verify digital signatures. This allows a digital signature to be verified without querying a server for authentication information, preventing man-in-the-middle attacks on the signature verification process. For example, a public key is generated and store in the IED, where the public key is generated by a private key known to the creator of the package updates. The private key is then used to generate a digital signature which is stored in the header of the decrypted package. The public key and a digital signature algorithm (e.g., ECDSA) may then be used by the updater program 2152 in the IED to verify the digital signature in the header of the decrypted package for authenticity. The digital signature can only be computed with access to a private key, only know by the generator (or creator) of the packages ensuring the authenticity of the decrypted package.

It is to be appreciated that, in one embodiment, the key, digital signature algorithm and/or other encryption algorithms may be stored on the IED in a layer, module or memory that is not accessible externally via a communications software. For example, in one embodiment, the key, digital signature algorithm and/or other encryption algorithms may be stored on a separate CPU/DSP/FPGA than those shown in figures described in relation to the above embodiments. In a further embodiment, the key, digital signature algorithm and/or other encryption algorithms may be stored on a dedicated encryption chip. Similar techniques for providing security of the key, digital signature algorithm and/or other encryption algorithms is described in commonly owned U.S. application Ser. No. 14/742,061, the contents of which are incorporated by reference in its entirety.

After the package is installed, the updater program 2152 will delete the temporary folder 2160 including the downloaded package (i.e., the folder created when the decrypted package was unpacked), in step 2226. Then, the updater program 2152 will update the local package list 2162, in step 2228, on the IED to reflect the version of the package that was installed during method 2200. For example, updater program 2152 may delete the older version of the downloaded package that was previously installed on the IED from the local package list 2162 and replace it with the newer version of the package that has been downloaded by updater program 2152.

It is to be appreciated that, in some embodiments, the updater program 2152 in the IED may be configured to auto-update any installed packages. In this embodiment, updater program 2152 is configured to perform method 2200 described above at adjustable, predetermined periodic intervals (e.g., every 6 hours, every day, etc.) When the auto-update feature is enabled, the updater program 2152 will check for any newer versions of the packages installed on the IED that become available on the remote server package list 2108. The updater program 2152 will check for newer versions of the packages installed on the IED by comparing the information stored in the local package list 2162 with the information stored in the remote server package list 2108, as described above. If the updater program 2152 finds newer versions of the packages on the remote server package list 2108, the updater program 2152 can automatically install these newer packages on the IED.

It is to be appreciated that to make sure that any new packages to be installed on the IED are properly installed, the newly installed packages must be copied to the correct location on the IED, the installed packages must be set to the correct permissions, and the installed packages must be set to the correct ownership. Furthermore, it is to be appreciated that if the application pertaining to a package to be installed is already running on the IED when it is time to install the package, the installation script 2112 and the updater program 2152 are configured to stop the application or package from running, install the application or package, and then restart the application package after installation.

Below, an example of an installation script trending log is shown. The trending log illustrates that all the trending loggers (e.g., application 1418 in IED 1100 described above) are stopped by the application monitor in the IED, and then a new trending log is copied, and the ownership and permission are set. After the installation is complete, the trending loggers are restarted.

#!/bin/sh # #tlogger v0.03.0003 installer # INSTALL_PATH=/home/test TEMP_PATH=/tmp/temp APPMON=/root/appmon mkdir -p $INSTALL_PATH $APPMON/stop_corelog.sh ... unzip -o $TEMP_PATH/tlogger.zip -d $INSTALL_PATH/ chown -R test:test $INSTALL_PATH chmod 750 $INSTALL_PATH/tlogger $APPMON/start_corelog.sh ....

Below, examples of removal script and uninstall script trending logs are shown.

#!/bin/sh # #tlogger v0.03.0003 uninstaller # INSTALL_PATH=/home/test TEMP_PATH=/tmp/temp APPMON=/root/appmon $APPMON/stop_corelog.sh .... if [ -e $INSTALL_PATH/tlogger ]; then rm -f $INSTALL_PATH/tlogger fi

It is to be appreciated that during the development phase, the installation script 2112 and removal script 2114 can be compressed into a .zip file. However, in the production phase, any packages that are to be installed onto the IED must be encrypted. For example, in some embodiments, the packages are encrypted as .pak files with a private key to protect the IED from potential attackers. The .pak files may be created by a Openssl tri-des encryption algorithm with a private key pair. In some embodiments, the private key pair is hardcoded in a package preparation program. The package preparation program is configured to run on a Linux PC and convert packages from a .zip format to a .pak format.

In one embodiment, the header of a downloaded package is encrypted into the .pak file together with the .zip file. When the updater program 2152 decrypts the package in step 2218 of method 2200, the updater program 2152 will first load the header to check if the decrypted md5, name, and version of the package is the same as the one listed on the remote server package list 2108. If any of the md5, name, and/or version does not match the one listed on the remote server package list 2108, the updater program 2152 will provide an error message (i.e., step 2208) and the updater program 2152 will not perform any more function.

It is to be appreciated that the openSSL_triDes_test can also convert a .pak file back to the .zip file. An example command is shown below:

#>./openSSL_triDes_test-m 1-s data_server_0_04_025.pak-d data_server_0_04_025.zip

As stated above, the updater program 2152 can be configured to automatically update the packages installed on the IED when newer versions of the packages become available on the remote server package list 2108. In one embodiment of the present disclosure, a process scheduler script can be installed on the IED and configured to run an “update check” command (as described above) at adjustable, predefined time intervals (for example, every 6 hours), i.e., a polled operation mode. In this way, the updater program 2152 will keep all packages installed on the IED up to date with the versions that become available on the remote server package list 2108.

In another embodiment of the present disclosure, the IED is configured such that a user can manually trigger the update of some or all of the packages installed on the IED when newer versions of the packages become available on the remote server package list 2108. In this embodiment, the user will have the ability to run a Modbus request (or a request in any other communication protocol supported by the IED) to a specific IED to run the “update check” (as described above) through a special SSL port or a software communication application such as CommEXt application software commercially available from Electro Industries/Gauge Tech of Westbury, N.Y. In this way, when an “update check” command is received by the IED from a user, the updater program 2152 will check the remote server package list 2108 for any available updates to the packages installed on the IED.

In a further embodiment, packages may be enabled and/or disabled as needed by a user. Packages contain the instructions for both installing and uninstalling, which allows for the feature associated with the package to be enabled or disabled by just installing or uninstalling the package. The package may be stored in a local cache of packages on the IED, e.g., in a memory such as memory 20, so that at any time, the feature could be enabled or disabled, without requiring it to be explicitly retrieved from an external website or uploaded to the IED. Additionally, features which are disabled by default may be included in the package cache at the time of manufacture, i.e., at the production phase. This would allow users to enable those features at any time, even if the IED cannot access external websites or servers. Additionally, the updater application, e.g., updater application or module 1410 or updater program 2152, may limit what packages can be installed, based off a global “allowed features”. When the allowed features changes, such as when a new feature key is entered into the IED, the updater application may automatically install all packages from the package cache which match that feature level. Additionally, each package may include a field in its header, which indicates what feature level each package is allowed in.

In another embodiment of the present disclosure, an automated firmware tracking and update system is provided. Referring to FIG. 23 , an automated firmware tracking and update system 2300 is shown in accordance with the present disclosure. It is to be appreciated that system 2300 may be utilized with any of the IEDs (e.g., 10, 1110), updater programs, networks, remote servers, and/or other features of the above-described embodiments.

System 2300 is configured to keep track of the firmware versions of a fleet, or a plurality, of meters or IEDs 2310, notify one or more users when an update is available, and provide the ability to automatically upload current firmware to all meters or IEDs 2310 in a fleet, or at least to a portion or subset of meters or IEDs 2310 in a fleet. It is to be appreciated that “fleet”, as used herein, refers to a grouping (according to one or more selected organizational characteristics, e.g., ownership, location, meter type, function, etc.) of two or more meters or IEDs, where the grouping may be selected by a user. It is also to be appreciated that IED 2310 may be configured in a similar manner to any of the IEDs described above. In one embodiment, system 2300 is used to deploy firmware updates by a user, for example, a meter manufacturer, to a web server 2302 from which client devices 2390 running a firmware tracking and update module 2308 of system 2300 are configured retrieve the firmware updates from via a suitable communication means, e.g., HTTP. This provides the ability for users to automatically keep their meters 2310 up to date using system 2300. Additionally, as will be described below, system 2300 enables an audit of current firmwares and available firmwares to be presented to the user, so the user can get a better grasp of their fleet. It is to be appreciated that a client device may be any type of computing device (e.g., a mobile phone, a tablet, a laptop, a PC, etc.) that is capable of running software and receiving input from a user.

System 2300 is configured for automated firmware tracking and updating to simplify the maintenance and data collection of a large fleet of meters 2310 and provide the user with the ability to keep their fleet up to date with the latest firmware.

The automated firmware tracking and update (AFTU) system 2300 is composed of several components, including, but not limited to, a package manager 2304, server 2302, firmware tracking and update module 2308. As will be described in greater detail below, firmware tracking and update module 2308 includes a firmware upload or update module 2319, which is configured to upload firmware updates to the meters 2310 in a fleet. Firmware update module 2319 is configured to employ several tools (e.g., plugins, modules, etc.) for updating meters 2310. For example, as will be described below, firmware module 2319 may use a communicator module for updating the meters 2310. It is to be appreciated, that in some embodiments, different meters 2310 within a fleet may be configured for use with different updater tools. In these cases, firmware update module 2319 is configured to use all update tools necessary for updating the meters 2310 in a fleet. Firmware update module 2319 is configured to determine which updater tool is appropriate to update a given meter 2310 within a fleet and employ the appropriate updater tool for the given meter 2310.

It is to be appreciated that each of the components in system 2300 (e.g., module 2308, server 2302, manager 2304, meters 2310) are configured to communicate via one or more networks (e.g., the Internet, one or more private networks, etc.) using wired and/or wireless communication means.

Package manager 2304 is configured as a management application or module installed and running on a client device and used by a user to generate firmware packages, upload them to the server 2302 and/or to module 2308, and otherwise manage the list of current and available firmwares stored on server 2302. As shown in FIG. 23 , the package manager 2304 is also used to maintain compatibility lists 2315 stored in server 2302.

Server 2302 is a server that is publicly accessible and configured to store the list of current and available firmwares for all meters 2310 in one or more fleets. In addition to the firmwares stored, server 2302 also stores a list 2315 containing compatibility information (e.g., software and/or hardware compatibility) pertaining to each meter 2310 and its firmware packages to assist with determining upgrade paths.

Firmware tracking and update module 2308 is configured as client-side software (e.g., executed by one or more processors on a client device 2390 and accessed via a memory on the client device 2390 or via a web browser of the client device 2390), which tracks the firmware on meters 2310, retrieves (e.g., periodically) the most up-to-date firmware from the server 2302, and then notifies the user of updates, and updates all meters 2310 within one or more fleets (selected by the user to be updated) desired. It is to be appreciated that firmware tracking and update module 2308 may be configured to connect to meters 2310 in a fleet via any one of a serial connection, an Ethernet connection (TCP/IP), and/or a remote modem (e.g., dial-up or wireless) connection. Module 2308 may periodically query the meters 2310 in a fleet for information (e.g., the make/model of a given meter 2310, what firmware is currently installed on a given meter 2310, and what hardware capabilities a given meter 2310 has) It is to be appreciated that firmware tracking and update module 2308 may include the same features as the updater program described above. In addition to automatically updating the local cache 2311 from the server 2302, firmware tracking and update module 2308 includes a monitor 2306, which is a user interface generated in a processor of the user's client device 2390 and outputted for display to a display device. Monitor 2306 is configured to allow the user to use various functions of module 2308, such as, but not limited to manually importing a firmware package provided into the local cache 2311 of module 2308 to be installed into any meter 2310.

Referring to FIG. 24 , communicator module 2314 and a firmware updater wrapper application 2316 are shown in accordance with the present disclosure. It is to be appreciated that the abbreviation “FW” in FIG. 24 stands for “firmware”. Communicator module 2314 is an alternate client-side software (e.g., executed by one or more processors on a client device 2390 and accessed via a memory on the client device 2390 or via a web browser of the client device 2390) which allows users to utilize signed firmware packages from a user or manufacturer with the pre-existing firmware upload feature of the communicator module 2314. As described above, communicator module 2314 may be included in module 2308. Firmware update module 2319 is configured to shell communicator module 2314 to perform firmware updates. For example, communicator module 2314 is configured to receive firmware packages from server 2302 or firmware packages manually uploaded to communicator module 2314 (e.g., via package manager 2304 or other means) and upload the received firmware packages to one or meters 2310 in a fleet. Communicator module includes a wrapper application 2316 configured to verify firmware packages, extract and interpret metainfo from included files, as well as update a local cache from included index files.

Referring to FIG. 24 , communicator module 2314 is configured to browse (2402) firmware packages stored in a cache 2301 of server 2302 and/or a cache 2311 of firmware tracking and update module 2308. Communicator module 2314 is configured to retrieve (2404) the firmware package data and launch (2406), e.g., via a command line argument to a command line interface, wrapper application 2316. Wrapper application 2316 is configured to parse or read the firmware package data retrieved by communicator module 2314. Wrapper application 2316 is further configured to verify (2408) the firmware package data, extract (2410) any files in the package data, compare (2412) the firmware currently installed on each meter 2310 in a fleet with the retrieved firmware package data. It is to be appreciated that the firmware comparison may be performed by wrapper application 2316 by querying each meter 2310 in the fleet for the current firmware versions installed on each meter 2310 or, alternatively, the comparison may be performed by wrapper application 2316 querying a database of module 2310 (e.g., in cache 2311) including information indicating which current firmware versions are installed one each meter 2310. If the retrieved firmware is newer than the firmware installed on any of the meters 2310 in the fleet, wrapper application 2316 generates (2414) an output file including the retrieved firmware and sends the output file to communicator 2314. Communicator 2314 is configured to read (2418) the wrapper output file and display (2420) (e.g., to a user device running module 2308) the change log and any other relevant information of the firmware in the wrapper output file (e.g., where the change log and other information is included in the metainfo of the firmware in the wrapper output file). Then, either automatically, or responsive to a user input, the retrieved firmware is uploaded (2422) by communicator module 2314 to any meters 2310 in the fleet requiring an update (as determined by wrapper application 2316).

Firmware tracking and update module 2308 of the present disclosure provides a history of firmwares for each meter 2310 in a user's fleet of meters and provides an audit of the current firmwares for each meter 2310 in the fleet, and if an update is available. In one embodiment, firmware tracking and update module 2308 is configured to periodically query each meter 2310 in a fleet for the current firmware stored on each meter 2310 and stored a list of the firmware installed on each meter in a memory of the client device 2390 module 2308 is installed on. In one embodiment, firmware tracking and update module 2308 notifies the user when an update is available for any particular meter 2310 in the user's fleet. Module 2308 is configured to compare the list of firmware currently installed on each meter 2310 in the fleet to the list of firmware available for download and stored in cache 2301 of server 2302 to determine if any of the firmware installed on a meter 2310 can be upgraded. Firmware tracking and update module 2308 automatically keeps the list of current firmwares 2312 (stored in cache 2311) updated from the server 2302 and allows users to manually update the list of current firmwares with firmware packages 2312 supplied by a user, e.g., the manufacturer of meter 2310. Firmware packages 2312 contains extra information (e.g., stored in metainfo of each package 2312) to help the user decide if they want to upgrade their meter 2310, the extra information may include change logs and compatibility information. Additionally, firmware tracking and update module 2308 provides the ability to automatically (i.e., without receiving user input) or manually update individual meters, groups of meters within a fleet, and/or the entire fleet with the latest firmware. In case of an update failure or any other reasons, the meter information, such as logs and programmable settings, will be backed up before updating the firmware.

In certain embodiments, the system 2300 provides a package maintainer 2304, to enable the maintenance of the firmware packages and caches 2301, 2311.

Web accessible server 2302 including firmwares 2312 for meters 2310 is provided.

Firmware tracking and update module 2308 adds meter action history, which reports the actions taken on a single meter 2310 to a user, even when those actions occur in a group. The actions taken on each meter 2310 of the fleet may be queried from each meter periodically by module 2308 and stored in a list to maintain an up to date meter action history. Furthermore, firmware tracking and update module 2308 includes a compatibility list 2317 or other type of structure that includes which meters 2310 the various firmware packages 2312 are compatible with, which is used by module 2308 to ensure firmware that is used to upgrade any given meter 2310 is compatible with the hardware type of the meter 2310. In one embodiment, the information in compatibility list 2317 is updated and synced with compatibility list 2315 by module 2308 (e.g., by a syncing module 2322). As will be described below, compatibility list 2315 is maintained and updated by package manager 2304 periodically as new firmware is uploaded to cache 2301 of server 2302 and/or new types of meters 2310 which may have unique compatibility profiles are deployed in a fleet.

With the techniques of the present disclosure, the devices, systems and methods may provide for the following:

A package builder or package manager 2304 configured to generate the firmware packages 2312 (e.g., at the manufacturer or client device of a user), upload the firmware packages 2312 to the server 2302, and maintain the list of packages on the server 2302. Additionally, the package builder 2304 can generate the packages 2312 for manual distribution, e.g., the packages may be sent directly to module 2308 bypassing server 2302. Package builder 2304 may further update and maintain the compatibility lists 2315 stored in cache 2301 of server 2302. It is to be appreciated that builder/uploader 2304 may be software executable by one or more processors of a client device. The builder/uploader 2304 may be stored in a memory of the client device or alternatively stored in a server and executed in a web browser of the client device.

Manual Update Capabilities—A customer who wants to track and manage the firmwares on their fleet of meters 2310, but doesn't want to always update meter firmware to the latest version may use the manual update capabilities of system 2300. In this embodiment, the user watches the package updates for newer versions, and decides when they want to update their firmware for their meter 2310, based on, for example, the change log of a firmware update available, which meters 2310 in the user's fleet the user is having problems with, and what features are being added. It is to be appreciated that the above described features are displayed to a user by monitor 2306. The firmware audit (displayed in monitor 2306 and performed using firmware tracking and update module 2308) allows users to quickly determine what firmwares the user has deployed and where (i.e., in what meters 2310) the firmwares have been deployed.

Automatic Update—A customer or an end user who wants to keep their meters 2310 at the latest versions of firmware, but isn't interested in micromanaging the process may use the automatic update capabilities of firmware tracking and update module 2308. Firmware tracking and update module 2308 includes a firmware update module, which is configured to notify the user when a new version of a firmware for one or more meters 2310 in a fleet of meters is available, and either via a selection of the user or via automatic action of module 2308, firmware update module 2319 automatically updates all compatible meters 2310 in the fleet to that version. Update module 2319 is configured to determine if a new version of a firmware for one or more meters 2310 in a fleet is available by comparing the list of firmware packages on server 2302 to the firmware packages currently installed on each meter 2310.

Closed Network—Some networks are closed in that they do not allow access to external websites. In this situation, system 2300 is configured such that the customer is given a firmware package 2312 from a source (e.g., the manufacturer or any other source), which the customer manually imports into their local cache 2311 using monitor 2306. This firmware can then be pushed to one, or all, of the meters 2310 in the customer's fleet using monitor 2306 to trigger the firmware push/update, which is performed by firmware update module 2319.

It is to be appreciated that a package is a collection of firmware, change notes, resource files, version compatibility information, and digital signature, which can be given to a customer to update their meters 2310, either manually or automatically. A Cache is a collection of packages and tracking information about them, where: a Server Cache 2301 is a cache stored on the Internet, e.g., in a server 2302 that is managed by a user or entity (e.g., the manufacturer of meter 2310), and where customer instances of firmware tracking and update module 2308 pull their package updates from; and a Local Cache 2311 is a cache stored local to an instance of firmware tracking and update module 2308, used to test and update customer meters 2310. A Fleet of Meters is a collection of meters 2310 managed by an instance of the firmware tracking and update module server 2308.

The devices, systems and methods of the present disclosure track the firmware versions of meters 2310 monitored by firmware tracking and update module 2308. The tracking of the firmware performed by firmware tracking and update module 2308 may include a history of firmware versions, including the time they were detected to have changed and may also include hardware versions when available.

In certain embodiments, firmware tracking and update module 2308 may generate and provide at least one report or audit to a user (e.g., outputted for display to a display device by monitor 2306) that includes a list of all meters 2310 in the user's fleet, and their current firmware and hardware versions. The at least one report may include firmware versions that the meters 2310 could be upgraded to, if available. Additionally, the at least one report may indicate incompatibilities due to hardware restrictions.

In one embodiment, firmware tracking and update module 2308 includes a scanning module 2320 configured to query various information from each meter 2310. Scanning module 2320 is configured to query each meter for information, such as, but not limited to, current firmware versions running on each meter 2310 and hardware of each meter 2310 (e.g., version number of printed circuit board, model number of processor, model number of communication device, etc.)

In one embodiment, firmware tracking and update module 2308 recommends to the user that the firmware of one or more meters 2310 could be updated, if available. The recommendation by system 2308 may be in the form of a notification outputted for display by firmware tracking and update module 2308 to a user display device displaying a user interface of system 2308 (e.g., monitor 2306). The firmware tracking and update module 2308 may notify the user on the main meter list screen (described below), may notify the user on the meter firmware history listing and may indicate incompatibilities due to hardware and firmware restrictions of a given meter 2310. It is to be appreciated that the notification may be in the form of an email, text, or other communication outputted to any user computing device.

In another embodiment, firmware tracking and update module 2308 maintains a local cache 2311 of firmware that can be used to update meters 2310 monitored by firmware tracking and update module 2308. The local cache 2311 of firmware may be updated by periodically querying server 2302 and downloading any newly available packages for meter 2310 in a fleet. Alternatively, the local cache 2311 of firmware may be updated manually, by manually importing a firmware package 2312 supplied to the user via source (e.g., by the manufacturer). Furthermore, firmware tracking and update module 2308 maintains a compatibility list 2317 in cache 2311 that determines which hardware/firmware types and versions a meter 2310 must have or not have in order to be updated with a package 2312. The compatibility list 2317 may be maintained by module 2308 by syncing the list 2317 with the compatibility list 2315 stored in cache 2301 of server 2302.

Firmware packages 2312 maintain or include firmware compatibility information, such that only firmware that is compatible with a given meter 2310 can be uploaded to the given meter 2310, and are suggested for upload. The firmware tracking and update module 2308 supports explicit firmware upgrade path checks, i.e., firmware version x→version y, supports hardware compatibility checks and supports OEM compatibility checks.

The firmware package 2312 includes a package version. If the package version is newer than what the firmware tracking and update module 2308 supports, firmware tracking and update module 2308 rejects use of that package, warns the user it is incompatible and recommends the user upgrade their software.

The firmware tracking and update module 2308 employs techniques that ensure package integrity. For example, package manager 2304 signs all packages using a selected signature type, e.g., Elliptic Curve Digital Signature Algorithm (ECDSA), MD5, etc., and firmware tracking and update manager 2308 verifies the signature of all packages 2312 imported into the local cache 2311, verifies the signature of all packages 2312 uploaded to a meter 2310 and warns the user if a package 2312 is found to be invalid.

It is to be appreciated that the package 2312 contains all information required to identify what meter 2310 the package 2312 belongs to. The package 2312 may contain a change log, which can be presented to the user via a user interface of monitor 2306.

If automatic updating is selected, firmware update module 2319 is configured to update all the meters 2310 monitored by the firmware tracking and update module system 2308 with the cached firmwares that apply. It is to be appreciated that firmware tracking and update module 2308 is configured to enable a user to select (e.g., in a user interface of firmware tracking and update module 2308, such as monitor 2306) to update one or more meters 2310 within a user's fleet based on different criteria selectable by the user. For example, firmware tracking and update module 2308 may be used to automatically update an individual meter 2310 in a user's fleet of meters, a subset or a group of meters 2310 within the user's fleet of meters, and/or all of the meters 2310 in a fleet. It is to be appreciated that the subset or group selected for updating may be based on the meter type or any other criteria. The updates are performed by firmware update module 2319.

In one embodiment, monitor 2306 is configured to provide feedback to the user as to the progress of each meter's update and provide feedback to the user as to the success of each meter's update. In some embodiments, firmware tracking and update module 2308 is configured to allow the user to override firmware and hardware restrictions for manual firmware updates. The system of the present disclosure may provide a software application (e.g., wrapper application 2316) that can be shelled by communicator module 2314 to read firmware package metainfo, and cache XML index files to determine whether to have communicator module 2314 update a firmware package 2312 for a given meter 2310.

In some embodiments, monitor 2306 is configured to provide a list of all cached firmware to the user and provide a list of firmware that are compatible with a given meter 2310 or group of meters 2310. Firmware tracking and update module 2308 is configured to allow the user to upload firmware to the meter or meters 2310 (via module 2319), if compatible. Furthermore, firmware tracking and update module 2308 is configured to provide a consistent and uniform interface to be displayed to the user (e.g., on a client device 2390) for firmware selection across all meter types.

To minimize lose in the event of a failed firmware update, firmware tracking and update module 2308 is configured to automatically backup all meters 2310 in the user's fleet by retrieving the meter programmable settings and other configuration settings, retrieving all logs, and storing them within a location specified by the user with firmware tracking and update module 2308. In one embodiment, firmware tracking and update module 2308 includes an option for the user to disable automatic meter backup.

Firmware tracking and update module 2308 is further configured to provide meter action history. Meter action history includes a list of actions that were performed on one or more meters and tracked by module 2308, including log retrieval, and firmware updates that were performed. The meter action history may be stored in a log file on server 2302 or in a log database coupled to firmware tracking and update module 2308. The list of actions and the runlog for each action may be displayed in a user interface of monitor 2306 to the user. The displayed results may be filtered within monitor 2306 by actions taken on individual or groups of meters 2310.

The package manager 2304 includes a package builder 2305 configured to generate a firmware package 2312, given, the firmware, meter type, firmware type, and firmware version.

Additional package information in the package 2312 may include additional resource files and/or change logs. The package 2312 may contain a metainfo file, which contains information about the package 2312. The metainfo file is automatically constructed by the package builder 2305 in uploader 2304, from user entered fields. Each file to be uploaded may have an entry in the metainfo to describe what to do with the file. For example, some files for some meters 2310 are firmware, but others are configuration files (such as pictures) that need to be file transferred into the meter 2310. The metainfo may include a change log field that allows the package builder to add information about why a user may want to update this firmware.

The package builder 2305 of uploader 2304 is configured such that the private key is hardcoded into the software, and not accessible by the users. In one embodiment, the user interface of the package builder 2305 includes a field to query the public key to use for verifying signatures. The user interface of the package builder 2305 may have a save button, which saves a local package file. Furthermore, the package builder 2305 may be configured to support loading a package, which reads in a package, and displays all of its fields to a user in a user interface of the package builder 2305 for further editing.

Uploader 2304 may include a package uploader module 2352 for uploading packages 2312 to server 2302. The package uploader module 2352 may be configured to interrogate server 2302, query package information of server 2302, and display all available configurations to the user in a user interface. The package uploader module 2352 may include the ability to overwrite a package, if the wrong package was uploaded. This may be implemented as a remove/add pair. The package uploader module 2352 may include the ability to validate signature of a server package by retrieving the package file from webserver 2302 and then verifying that its signature is correct. In some embodiments, the package uploader module 2352 is configured such that if the user is currently editing a package 2312 already stored on the server 2302, the package 2312 is uploaded to the server 2302. The package uploader module 2352 may further be configured such that when uploading a package 2312, a copy of the package is saved to the package directory local to the package editor, before uploading the package 2312 to the server 2302.

It is to be appreciated that the package builder 2304 includes an interface that is displayed to a user and used to edit and upload compatibility lists to the server 2302. The interface may provide jump links between the firmware and compatibility sets to ease finding associated packages and sets.

The caches 2301, 2311 in server 2302 and firmware tracking and update module 2308, respectively, contain a hierarchical list of all meters and firmwares available in the caches. The caches 2301, 2311 in server 2302 and firmware tracking and update module 2308, respectively, support a list of all available firmwares, not just the most up to date firmwares but prior versions of the firmwars. Furthermore, the caches 2301, 2311 support an indicator of which firmware is the most up to date, for any particular meter type. The caches 2301, 2311 each contain a compatibility list (2315, 2317, respectively), which is used in conjunction with the firmware packages 2312 by firmware tracking and update module 2308 to determine what firmware is compatible with what hardware/firmware.

Wrapper application 2316 is configured to provide a Command Line Interface (CLI) for communicator module 2314 to launch the wrapper with to verify a package and determine whether an update is recommended. Communicator module 2314 includes a copy of the latest cache index file (i.e., a collection of firmwares and compatibility sets stored in a cache of communicator module 2314). The wrapper application 2316 extracts each package's index file, compares it with the current index file stored in the cache of communicator module 2314 and updates it accordingly.

In FIG. 25 , the design of system 2300 including communicator module 2314 and wrapper application 2316 is shown in greater detail. Each of the components 2302, 2304, 2306, 2314, 2316 of system 2300 shown in FIG. 25 are configured to perform several functions.

Package manager 2304 is configured to receive firmware data 2502 (e.g., from a user, such a manufacturer of meters) and create (2504) a firmware package 2506. Package manager 2304 is configured to upload (2508) the firmware package 2506 to server cache storage 2301 of server 2302. Alternatively, package manager 2304 is configured to manually import (2518) firmware package 2506. Cache 2311 of module 2308 is configured to receive firmware packages 2506 created using package manager (e.g., via package builder 2305) either directly from package manager 2304 (e.g., a manual import 2518) and/or via update (2516) from cache 2301. Where an update (2516) is received from cache 2301, the update may be triggered by periodic polling of cache 2301 by syncing module 2320 of module 2308 sync the packages stored in cache 2301 with the packages stored in cache 2301. In this way, cache 2311 will always have the most up to date firmware available. In one embodiment, module 2308 is configured to only sync the firmware packages that are compatible with the current set of meter types within a user's fleet of meters. In some embodiments, server 2302 may be configured to push newer versions of firmware packages to cache 2311 on a periodic basis without first receiving a query or being polled by module 2308. Alternatively, local cache 2311 may be kept up to date via manual import (2518) directly from package manager 2304.

Package manager 2304 is also configured to upload and/or edit (2510) compatibility lists (e.g., including information relating to which meter types support each of the firmware packages stored in cache 2301 and cache 2311) stored in cache 2301. Package manager 2304 is further configured to update package reference information stored in cache 2301 (e.g., information associated with each firmware package). Package manager 2304 is further configured to enable the deletion of firmware packages from cache 2301.

Module 2308 is further configured to maintain a meter tracking list 2522. List 2522 includes each of the meters 2310 in a fleet. For each meter 2310 in list 2522, module 2308 maintains a list of information, such as, but not limited to, the type of meter (e.g., including hardware information), the current versions of the firmware installed on the meter, the date the firmware versions were installed, and/or compatibility information related to each meter 2310. Module 2308 is configured to maintain and update the information in list 2522 using scanner module 2320 (shown in FIG. 23 ) to query each meter 2310 for the required information. Scanner module 2320 may further query cache 2301 of server 2302 for any information needed related to firmware packages (e.g., change log information, compatibility information, etc.)

Module 2308 is configured to check (2524) for available updates by comparing the list of firmware stored in the local cache 2311 to the firmware currently installed on each meter 2310. It is to be appreciated that the currently installed firmware on each meter 2310 may be indicated in meter tracking list 2522. Alternatively, module 2308 may use scanner module 2320 to query each meter 2310 for the current firmware stored on each meter 2310. In either case, if module 2308 determines that a firmware update is available for at least one of the meters 2310 in a fleet, module 2308 uses firmware update module 2319 (shown in FIG. 23 ) to upload (2526) any determined firmware updates to the at least one of the meters 2310. It is to be appreciated that, before uploading (2526) any updates to a meter 2310, module 2308 is configured to check compatibility list 2317 to determine if the updates are compatible with the hardware/software in the meter(s) 2310.

It is to be appreciated that, in some embodiments, module 2308 operates automatically to sync local cache 2311 to cache 2301, maintain/update meter tracking list 2512, check (2524) for updates for any meters 2310, and upload (2526) the firmware updates to meters 2310. Module 2308 is further configured to output for display (e.g., via monitor module 2306) any available updates (2520) to a user display, such that a user may decide (e.g., via user input to monitor module 2306) whether to update the meters 2310 in the user's fleet with the available updates. Module 2308 is further configured to output for display a list of the currently installed firmware on each meter 2310 in a user's fleet, where the information may be retrieved from module 2308 from meter tracking list 2522.

As stated above, firmware update module 2319 may use various tools, such as communicator module 2314 and wrapper application 2316 to perform updates of meters 2310. Furthermore, package manager 2304 may be configured to send packages directly to communicator module 2314, such that, communicator module 2314 may be used directly by a user to manually update meters 2310 in a fleet.

Communicator module 2314 is configured to browse (2528) packages, for example, by receiving packages from package manager 2304, receive packages from cache 2301, and/or receive packages form cache 2311. Communicator 2314 is further configured to launch (2530) wrapper application 2316, e.g., via a arguments inputted to a command line interface. Communicator module 2314 passes any packages (retrieved from package manager 2304, cache 2301, and/or cache 2311) to be uploaded to meters 2310 to wrapper application 2316 upon launch of application 2316. Wrapper application 2316 is configured to verify (2532) the package signatures to ensure integrity and authenticity of the packages. After any received packages are verified, wrapper application 2316 is configured to extract (2534) the package files for each package, read (2536) the metainfo for each package from the extracted package files, and check (2538) compatibility of the received packages (e.g., by checking compatibility list 2517). For each compatible package, wrapper application 2316 outputs a data file to communicator module 2314. Communicator module 2314 is configured to load (2542) each wrapper output file, output for display (2544), e.g., via monitor module 2306, the relevant information (e.g., obtained from the metainfo) about each loaded wrapper output file, and upload (2546) each wrapper output file to each meter 2310 determined to need an update. It is to be appreciated that communicator module 2314 may be configured to automatically upload firmware packages to meters 2310 without user input. Alternatively, communicator module 2314 may be configured to receive user input after outputting for display (2544) the information related to the potential firmware packages to be uploaded to meters 2310.

The firmware package 2312 may be composed of two or more parts: A header, which contains information about the package 2312 including signature, and data, which contains a zip of the metainfo and firmware files.

In one embodiment, the header includes the following format:

field type desc magic uint [0x13579BDF]. This field must match exactly for the package to be valid. version uint [1] Describes which version of the structure to use to parse the rest of the package file. This and the magic field are the only fields which shall not change between versions header_size uint The size of the header, including the magic and version. sig_size uint The size of the signature_buffer. data_size uint The size of the data_buffer. sig_buffer byte[ ] The signature to use to verify the data. data_buffer byte[ ] The data contained within this package. A zipped collection of files. This buffer starts at offset header_size.

It is to be appreciated that, in one embodiment, the magic and version fields never change or move (though their values may change) for any version of the package. Also, the signature may be an ECDSA signature on the data_buffer, and verified using the public key generated by the package builder program.

The data portion of the package 2312 contains a collection of metainfo, firmware, change logs, and resources. In some embodiments, the data portion of the package 2312 is all zipped together. The zipped version of the data is then converted to a byte stream, embedded in the firmware package, and the signature is generated. The metainfo file is the key file in the package, and provides information on the firmware contained within, and the list of files and how to use them. The package info specifies what kind or type of package this is and the primary version information about it. The package info specifies the type of package, where the packages may be firmware packages or resource only packages. Furthermore, the package info specifies which package updates firmware to the specified version, the meter type and which meters the firmware is compatible with, the name of the firmware this package updates, the firmware this package will update to, and when this package was released.

The metainfo may include comparison information, which specifies information on how to compare an existing meter 2310 against a given package, to determine if the package is newer. In one embodiment, all provided field types, such as firmware version and hardware version, have at least one match for the package to be compatible with the specific meter. If a field type is not specified in the package, or the meter does not have that feature, such as not having an optional expansion card, then that field is not tested. The comparison information includes various fields, such as, a type field for the type of comparison, where the type may be a firmware comparison that compares the firmware specified by the tag against the version specified by the value or a hardware comparison that compares the hardware specified by the tag against the version specified by the value. The tag field is the name of the firmware/hardware to compare. The value field is the version of the hardware/firmware to use in comparison.

The comparison information also includes a lessthan field, which performs a numeric comparison on the specified firmware. If value is greater than the meter's firmware, then the condition is true. This comparison is not performed on non-numeric firmware versions. For example, if the meter's current firmware is 0001, the comparison value is 0002, then the comparison passes, and the firmware should be upgraded. However, if the meter's current firmware is 0003, then the comparison fails. If the meter's current firmware is BA03, then this comparison is skipped.

The comparison information also includes a reject field, which performs an exact comparison on the specified firmware, and rejects the firmware as compatible. If the value is equal, then the firmware is a match, and the upgrade is rejected. If no match is made, then this condition is ignored. This condition overrides all other conditions. For example, if the meter's current firmware is

, and the reject value is

, then no matter if the other conditions pass, this update is rejected. However, if the meter's current firmware is

, then the update is not rejected.

The comparison information also includes an exact field, which performs an exact comparison on the specified firmware. If the value is equal, then the firmware is a match, and the condition is true.

The comparison information also includes an include field, which references compatibility checks from a compatibility list under this meter's common sets. For example:

-   -   <include type=“firmware” tag=“common” value=“compatset.1”/>

In this example, the compatibility set being referenced is compatset.1. In such a case, the compatibility list provided in ‘compatset.1’ would be tested in addition to the compatibility list provided in a specific firmware package metainfo.

The metainfo further includes a manifest, which is a list of all the files (other than the metainfo file itself) in the package. The manifest includes various fields, such as, fields associated with an action to perform, which specifies what to do with the package file (e.g., upload, copy, move, delete, a file field including the name of the package). The manifest also includes types, such as indexes, firmware, changelog, and resource files. The index type is a copy of the current index file of server 2302. The purpose of this included index file is to provide offline package updates to operate with more up to date compatibility information than the current cache may contain. The firmware type includes firmware components that are used to upload firmware to the meter. While there will usually be one firmware entry per package, there may be multiple firmware entries per package. In the case of multiple firmware entries, each firmware entry will be uploaded in the sequence they are in the manifest. The changelog type is a file, which is tied to a specific firmware, or for the package as a whole. The change log is a text file to be displayed to the customer when they inspect the package or are notified a new firmware is available.

It is to be appreciated that all firmware packages will be digitally signed to ensure that the firmware packages have not been tampered with, and that the firmware packages come from a verified source. The packages may be signed using the asymmetric signing algorithm ECDSA, which uses a private key (known only to the package generator 2304) to generate the signature, and a public key (included with the installed firmware tracking and update module 2308) to verify the signature. The private key may be generated once, and stored in the package builder 2305, to ensure that all signatures and public keys are generated from the same private key. If at any time, the private key needs to change, then new signatures for the packages will need to be generated, and new public key's distributed to the customers. The public key will be generated from the private key, and distributed with the installed firmware tracking and update module 2308. The public key is used to verify packages whose signature was generated with the corresponding private key. In one embodiment, the public key is hardcoded in software; while in another embodiment, the public key may be configurable.

An illustration of the hierarchy of the cache 2311 in firmware tracking and update module 2308 is shown in FIG. 26 in accordance with the present disclosure. The cache 2311 includes a root file 2602 and separate directories for each meter type 2604 (e.g., MeterType1, MeterType2 . . . MeterTypeN). Each directory for each meter type 2604 may include several files 2606, 2608, 2610. For example, each meter type directory 2604 may include reference files 2606A, boot files 2606A, run files 2606B, version files 2608A-2608C corresponding to run files 2606B, and firmware package files 2610A-2610C corresponding to each version file. The following is an exemplary root file structure:

Structure of root.xml <meters version=”1” checksum=”...”> <meter type=″E159 Run″ path=″Shark270″> <firmwares> See ‘Structure of firmwares node’ below </firmwares> <common_set> See ‘Compatibility’ set below </common_set> </meter> <meter include=”reference.xml” /> </meters> meters—The root tag of root.xml checksum—A checksum generated from the node data, if this doesn't match when re-generated the data is invalid and will be ignored. version—The version of the index file, if this doesn't match the version an instance of communicator module 2314 or firmware tracking and update module 2308 has then the index file is ignored. meter—A tag containing information pertaining to a meter that has one or more firmware packages in the cache 2311. type—The device ID of the meter in the cache 2311. Ex: 0154 Nexus 1500+ path—The simplified name of the meter formatted for ease of use on filesystems. The path is the name of the directory where this meter's firmware index and firmware packages are stored. include—For extensibility include attributes can be added in place of nested elements if sections of the root file become too large. The nested elements [firmwares, tag, version] will be loaded from the external file referenced in the value of the include attribute.

An exemplary structure of the firmware node in the root file is shown below:

Structure of firmwares node <firmwares> <tag name=“run” current=“23”> <version value=“23” package-file-name=“shark270_run_23.fw-pack” updated=“2018/07/16 18:50:34” /> </tag> </firmwares> firmwares—The root tag of firmwares node. tag—The node containing the type of firmware and its current version. name—The name of the tag. Ex: comm.boot, run current—The version of the current firmware for the tag. version—The node containing the version of the package, filename, and when it was last updated. package-file-name—The filename of the firmware package. updated—Reflects the date/time that the package was uploaded or updated. common_set—The root tag of the Compatibility node.

Referring to FIG. 27 , the composition of the cache 2311 with compatibility set relations included in the cache 2311 of FIG. 26 is shown in accordance with the present disclosure. It is to be appreciated that FIGS. 26, 27 may also represent the structure of cache 2301. Compatibility set metainfo is useful for determining update paths for beta [non-numeric] firmware releases. Utilizing this cache composition, the selection of which meters get updates can be fine-tuned based on not only on current firmware but on current hardware as well. It is to be appreciated that FIG. 27 is a description of the conceptual structure of package references and compatibility sets, and does not describe physical storage. All files are physically stored in the various firmware caches. A copy of the compatibility set/cache index is stored in each cache, as well as an independent copy with communicator module 2314, as well as a copy (stripped down to specific meters) in each package.

As shown in FIG. 27 , the root node 2600 includes several meter types 2604 (e.g., meter 2604A, 2604B, 2604C), where each meter type 2604 includes firmware files or packages 2704. Each firmware file or package 2704 may include several versions or associated values 2608, which reference compatibility attributes 2706 and compatibility sets 2702. It is to be appreciated that compatibility attributes 2706 indicate which compatibility sets the versions 2608 of firmware files or packages 2704 are compatible with.

An exemplary structure of a comparison node inside the metainfo file is shown below.

Structure of a comparison node inside of a metainfo.xml file <comparison> <lessthan type=“firmware” tag=“comm.run” value=“0002” /> <reject type=“firmware” tag=“comm.run” value=“0000” /> <exact type=“firmware” tag=“comm.run” value=“BA03” /> <include type=“firmware” tag=“common” value=“compatset.a” /> </comparison> type—The type of comparison (firmware, hardware, mixed[include]). tag—The name of the package, for include elements this will be ‘common’. value—The value used for comparing the package, for include elements this will be the name of the set. lessthan—When comparing, the system of the present disclosure checks if the value is less than the value specified in the value attribute and performs the update if the value is less than the value specified in the attribute value. reject—When comparing, the system of the present disclosure checks if the value is equal to the value specified in the value attribute, rejects the update if the values match, and discards any further/previous comparisons. exact—When comparing, the system of the present disclosure checks if the value is equal to the value specified in the value attribute and perform update if the values match. include—Include all ‘exact’ conditions from this meter's common_set with the name given.

It is to be appreciated that, in one embodiment, these compatibility checks will have lower precedence than the ones directly added to the package's metainfo. As described above, copies of the compatibility sets may be concurrently stored in various locations throughout the system 2300. This enables the system 2300 to be self repairing, such that if one cache is out of date, a newer one can override the out of date cache. As such, in the case of a package's compatibility set, this will have been created when the firmware was released, and thus is of greater relevance then a general compatibility set created prior.

In one embodiment, firmware upgrades displayed to the user in monitor 2306 for selection to update meter 2310 with are filtered based on what hardware/firmware the upgrades are compatible with. However, what hardware/firmware a firmware is compatible with cannot be defined ahead of time. To account for this, a common set 2702 of compatibility features (stored in caches 2301, 2311) is defined that any particular firmware will reference. When hardware/firmware revisions are updated, they can be added to the common set 2702, and all old firmwares that support it will automatically include it.

In one embodiment, when a new hardware/firmware version is created that is not compatible with old firmware, a new compatibility set 2702 is created, and the new firmware references the new set. In this way, the old firmware does not include the new hardware/firmware in its compatibility set, and thus is not compatible.

An exemplary structure of the compatibility set node of the cache is shown below:

Structure of a common_set node <common_set version=“1” updated=“2018/07/22 10:35:07”> <compatibility name=“compatset.1”> <exact type=“hardware” tag=“dsp” value=“A” /> <exact type=“hardware” tag=“dsp” value=“B” /> <exact type=“firmware” tag=“card.net” value=“3.1” /> <exact type=“hardware” tag=“flash” value=“A” /> </compatibility> <compatibility name=“compatset.2”> <exact type=“hardware” tag=“dsp” value=“B” /> <exact type=“firmware” tag=“card.net” value=“3.1” /> <exact type=“hardware” tag=“flash” value=“B” /> </compatibility> </common_set>

The root node 2600 contains the list of all compatibility sets 2702. Each compatibility set 2702 includes a unique name/metertype 2604 pair. The unique pair is used as a common reference when determining firmware compatibility.

<common_set version=“1” updated=“2018/07/22 10:35:07”

version—The format version of the XML structure.

updated—When this list was last updated.

compatibility—A set of firmware and hardware versions that are permitted by this compatibility set. If a feature or version is not included, then the set is not considered compatible with it.

<compatibility name=“compatset.2” type=“hard are” metertype=“E159”>

name—The lookup name for this compatibility set.

exact—Specifies that the compatibility set includes the specific version of hardware or firmware. Note that multiples of the same type/tag combination are permitted, to allow a list of multiple permitted versions.

<exact type=“hardware” tag=“dsp” value=“A” /> <exact type=“hardware” tag=“dsp” value=“B” /> <exact type=“firmware” tag=“card.net” value=“3.1” /> <exact type=“hardware” tag=“flash” value=“A” /> type—The type of the compatibility check. Either hardware or firmware. tag—The name of the hardware/firmware. value—The version of the hardware/firmware.

Referring to FIG. 28 , the chaining of various hardware compatibility sets 2702 is shown in accordance with the present disclosure.

Firmware tracking and update module 2308 is configured to determine the correct upgrade path between beta and final releases for a firmware by using the compatibility sets 2702 stored in cache 2311. Firmware packages 2312/2608 can reference the compatibility sets 2702 of other packages utilizing the ‘include’ tag. FIG. 28 illustrates the referencing between compatibility sets 2702 using tags.

For example, in FIG. 28 , the first release ‘0001’ 2608D is compatible with DSP version A, Net version 3.1, and Flash version A. The second release BK02 2608C, a beta, supports Flash B as well as compatibility set A 2702A. The next release ‘0002’ 2608B is compatible with BK02 2608C and CompatSetB 2702B, however not with ‘0001’ 2608D. The final release ‘0003’ 2608A is compatible with ‘0002’ 2608B and CompatSet B 2702B. Below is a summary of the upgrade paths and compatibility of each of the releases shown in FIG. 28 :

0001 Release 2608D

Initial Release, no upgrade path

Compatible with Set A 2702A: DSP vA, Network card v3.1, and Flash vA

BK02 Release 2608C

Beta Release

Compatible with Set A 2702A: DSP vA, Network card v3.1, and Flash vA

Adds Flash B hardware compatibility

0002 Release 2608 B

Official release of Flash vB compatibility

Compatible with Set B 2702B: DSP vA, Network card v3.1, and Flash vB

Cannot upgrade from v0001 2608D

Can upgrade from beta BK02 2608B

Not compatible with Flash vA, as Set B does not contain that version.

0003 Release 2608 A

Firmware Release for features

Compatible with Set B 2702B: DSP vA, Network card v3.1, and Flash vB

Compatible with v0002 2608B

Firmware tracking and update module 2308 is configured with import features to enable a user to choose a package to be imported into the cache 2311 of firmware tracking and update module 2308. Referring to FIG. 29 , a method 2900 occurring after a user chooses (i.e., in a user interface of monitor 2306) a package to be imported into the cache 2311 of firmware tracking and update module 2308 is shown in accordance with the present disclosure.

In step 2902, when the user selects a package to import, firmware tracking and update module 2308 loads the current contents of the cache 2311 into a memory of the computing device running firmware tracking and update module 2308. In step 2904, the package the user chose to import is validated, and if its signature is invalid, in step 2906, the import is terminated and method 2900 ends. If the signature of the package was valid, in step 2906, the metainfo file is extracted from the package, in step 2908, and the contents are read in. Using the contents of the metainfo, firmware tracking and update module 2308 checks if meter, firmware, and version directories exist and creates them if necessary, in step 2910. In step 2912, the cache's root index file is created or updated by firmware tracking and update module 2308 with an entry for the meter 2310 pertaining to the package. Additionally, the firmware index file for this firmware type is created or updated by firmware tracking and update module 2308 with an entry containing this firmware's tag and value. In step 2914, the package is added to the cache or overwritten in the cache if it already existed by firmware tracking and update module 2308.

Firmware tracking and update module 2308 is configured to determine if a firmware is compatible with a particular meter 2310 in the fleet when a firmware update is retrieved from the cache 2311. Referring to FIG. 30 , a method 3000 occurring when a firmware update is retrieved from the cache 2311 of firmware tracking and update module 2308 for a particular meter 2310 is shown in accordance with the present disclosure.

In method 3000, when firmware tracking and update module 2308 checks its cache 2311 for an update for a specific meter's firmware type, firmware tracking and update module 2308 first loads the contents of its cache 2311 into memory, in step 3002. Once the cache 2311 is loaded, firmware tracking and update module 2308 enumerates through all the relevant firmware packages for this meter, in steps 3004, 3006. Firmware tracking and update module 2308 loops over the firmwares that could be updated in the meter (run,boot,etc) in, step 3004, then firmware tracking and update module 2308 loops over all available packages for each one of those firmwares, in step 3006. Each firmware package can contain a list of comparisons and included compatibility sets. Each comparison will be evaluated (steps 3008, 3010) and if a reject tag/value is matched (steps 3020A, 3020B), an update to that package will be rejected (step 3012). Additionally, any lessthan comparison that is evaluated where the meter's firmware tag/value is greater (steps 3020A, 3020B) will result in an update rejection (step 3012). Alternatively, where the meter's firmware tag/value is exactly the same or less than the tag/value (steps 3020A, 3020B), the update will be stored (steps 3014A,B). It is to be appreciated that a similar process is followed for evaluating the included compatibility sets. The linked compatibility set will be enumerated along with any overriding comparisons that were added. It is to be appreciated that at the “List End” steps 3016A, 3016B, 3016C, 3016D of method 3000 firmware tracking and update module 2308 determines whether the end of the enumerated list has been reached (i.e., no more items in the list to be evaluated). It is to be appreciated at step 3018 “Return Stored Package if no null” in the method 3000 in FIG. 30 firmware tracking and update module 2308 will return compatible firmware packages if found.

Referring to FIG. 31 , the relationship between the package manager 2304, server 2302, and firmware tracking and update module 2308 is shown in greater detail in accordance with the present disclosure. Package manager 2304 (e.g., used by a user 3114, such as, a manufacturer of the meter 2310) interacts with server 2302 in at least the following ways: uploading or overwriting 3102 packages, deleting 3104 packages, verifying 3108 packages, listing 3110 packages, editing 3106 compatibility sets, and creating 3112 packages. In one embodiment, package manager 2304 performs these actions by either writing directly to a local or network attached file system, such as the local hard drive, or a windows NTFS share or alternatively using writing to a remote server using a web protocol, such as FTP or HTTP or other types of protocols. In one embodiment, firmware tracking and update module 2308 communicates with the deployment server 2302 by means of HTTP requests. Firmware tracking and update module 2308 interacts with server 2302 by retrieving/reading information (e.g., downloading 3202 compatibility sets, downloading 3204 firmware packages, and downloading 3206 index files), which is shown in greater detail in FIG. 32 .

Package manager 2304 also includes a compatibility list editor in the package builder 2305 configured to enable a user to edit a compatibility list (e.g., list 2315 or list 2317). Referring to FIG. 33 , a method 3300 for using the package builder 2305 of uploader 2304 is shown in accordance with the present disclosure. In method 3300, any number of compatibility sets may be added, in step 3302, and saved, in step 3304. In step 3306, package creation is initiated, where, in step 3308, basic meta-info, such as, meter, type, tag, and version information described above is entered. In step 3310, compatibility sets are downloaded from server 2302. In step 3312, the sets are parsed and the set names are displayed in an inclusion list. In step 3314, the names of sets to include and the addition of any overrides are selected. In step 3316, any desired comparisons (e.g., reject, exact, lessthan, described above) are added. In step 3318, the generated files may be added to the package and files are compressed and the archive is signed, in step 3320.

Referring to FIG. 34 , a user interface 3400 of the package builder 2305 of uploader 2304 is shown in accordance with the present disclosure. As shown in FIG. 34 , the user interface 3400 of the package builder 2305 enables a user to add, clone, edit, and/or delete compatibility sets (e.g., via one or more user selectable buttons) in the server 2302. In this way, the package builder 2305 can easily maintain the cache 2301 of server 2302 from the compatibility set editor of the package builder 2305. When the package builder 2305 opens the compatibility set editor, the compatibility list 2315 in the server 2302 is downloaded, parsed, and displayed. If the package builder 2305 needs to create a new compatibility set containing similar compatibility checks to a previous set, the package builder 2305 is configured for doing so by cloning a compatibility set in the list (e.g., via selection of the “Clone Set” button shown in FIG. 34 ). Existing compatibility sets can be modified by selecting the “Edit Set” button in the user interface 3400.

Referring to FIG. 35 , the compatibility set editor of the package builder 2305 includes a compatibility set editor form interface 3500, which allows the package builder to create/edit a set's name (based on user input to the fields in the UI 3500 of FIG. 35 ) as well as the hardware/firmware tags and versions for which to accept and allow a firmware update.

Referring to FIG. 36 , a method 3600 shows the interactions between the package builder 2305 and the package in accordance with the present disclosure. The package builder 2305 is configured to select files to include in the package, in step 3602, and selects an action and type for the selected file, in step 3604. In step 3606, the selected file, action, and type is added to a grid (e.g., displayed to the user in a UI of monitor module 2306, e.g., FIGS. 45 and 46 ) and list of files to compress. In step 3608, package builder 2305 is configured to add metainfo describing various important details about the firmware package. In step 3610, the package builder 2305 is configured to add the compatibility to the grid. In step 3612, the package builder 2305 is also configured to remove files from the list of files to be added to the package if a mistake was made or for any other reason. In step 3614, the files selected for removed are removed from the grid and compression list. Once the package's metainfo and included files are satisfactory, the package builder 2305 is configured to save the package, in step 3616. After the package is saved, the package builder 2305 is configured to save changelog data entered and metainfo entered to files. A copy the index file stored in a cache of package manager 2304 is made by the package builder 2305 and updated, in step 3618. In step 3620 the package builder 2305 creates the package. Next, all the files are compressed, in step 3622, and then a signature is applied to the compressed archive by the package builder 2305, in step 3624.

Referring to FIG. 37 , a UI 3700 of a package creator form of the package builder 2305 is shown in accordance with the present disclosure. The package creator form is configured to enable the user to create a firmware package with the necessary files and metainfo via one or more user selections and/or inputs to UI 3700. The metainfo may include the meter, firmware tag, firmware version, compatibilities, and file inclusions/types. The changlog is a text file containing information meant to inform users about what purpose this firmware package serves. For the purposes of the package creator form, the firmware is the actual hex/binary/other file that will be overwritten on the meter, the resource is any other file utilized by the meter (e.g., meter website files), comparisons are the conditions for which this firmware package can be used, e.g., ‘exact’, ‘reject’, ‘lessthan’, or ‘include’, and the files can be added by pressing the add button. Doing so will prompt the user within the UI of the package builder to browse to the file they'd like to select. Once the file is added by the package builder, the user can select the type of file and action to perform in the ‘File Details Grid’, where the type may be a resource or a firmware and the action may be upload, move, copy, and/or delete.

Referring to FIG. 38 , a method 3800 performed when a firmware package is uploaded using the package manager 2304 to server 2302. When the firmware upload process is started, in step 3802, the package manager 2304 ensures the directories on the server 2302 are prepared for the firmware package. After the directories are found or created, the firmware package file is copied or uploaded into the remote directory, in step 3804. Following the file transfer, the package manager 2304 checks if the server 2302 has an index file, in step 3806, if it does, the index file is saved to a local temporary location, in step 3808. Conversely, if it was not found, the package manager 2304 is configured to create an index file at a temporary location, in step 3810. The package manager 2304 indexes the package in this temporary index file, in step 3812, and the user is prompted whether to set the package file indexed as the current version, in step 3814. If the user indicates, via user input, to set the package file indexed as the current version, the package file is marked as current in the index by package manager 2304, in step 3816. Alternatively, if the user does not indicate to set the package file indexed as the current version, the method proceeds to step 3818. Then, the package manager 2304 loads any firmware compatibilities from the cache of package manager 2304 as well as compatibility sets and saves them to the temporary index file, in step 3818, 3820. In step 3822, the temporary index file is uploaded or copied over the old copy in server 2302.

Referring to FIG. 39 , the package manager 2304 (shown in FIG. 23 ) is shown performing various functions within the system 2300 of the present disclosure. The various functions performed by package manager 2304 are referenced by reference numbers 3902-3918 in FIG. 39 . The package manager 2304 is configured to create (3902) and edit (3904) packages using a package creator 3920 included in package manager 2304. Package creator 3920 is configured to use metainfo creator 3928 included in package manager 2304 to add metainfo (3918). The package manager 2304 is further configured to verify (3906), delete (3908), upload (3910), overwrite (2912), browse, view (3914), and download packages. The upload (2910) and overwrite (2912) package functions are performed by package uploader 3922 It is to be appreciated that components 2304, 3600, and 3922 are each part of the same software or module of the system of the present disclosure It is to be appreciated that viewing (3914) includes viewing package details 3924 of a package. Package manager 2304 is further configured to edit compatibility sets (3916) via compatibility set editor 3926 included in package manager 2304.

Several of the actions or functions (3902-2918) performed by package manager 2304 are described below:

-   -   Verify Package (3906): The package manager 2304 downloads a         package from server 2302, when finished downloading, the         signature of the package is checked and the user is informed         (e.g., in a UI of manager 2304) whether the package's signature         was valid or invalid.     -   Delete Package (3908): The package manager 2304 removes any         indices referencing a given firmware package and then deletes         the signed package file from the server.     -   Upload Package (3910): The package manager 2304 uploads the         signed package file to the server 2302, and then adds an index         to the proper firmware index file as well as meter index file if         necessary.     -   Overwrite Package (3912): The package manager 2304 uploads the         signed package file to the server 2302 replacing the previously         uploaded package.     -   Browse: View tree of all meters and every firmware available for         the particular meter as well as its version and whether this         firmware is the current version available.     -   View Package Details (3914): The package manager 2304 downloads         the signed package from the deployment server 2302, extracts the         metainfo from the package, parses the XML and then displays the         package details to the user in a grid.     -   Download Package: The package manager 2304 download the signed         package from the deployment server to a local directory.

The package manager 2304 is the root form of the package manager 2304. From the manager 2304 all functions of the package manager 2304 can be accessed. Referring to FIG. 40 , a UI 4000 of package manager 2304 is shown in accordance with the present disclosure. In order for the uploader 2304 to perform tasks, the FTP connection (i.e., between the uploader 2304 and server 2302 of FIG. 23 ) options must first be configured in the options menu 4100 of the UI 4000, which is shown after having been selected in FIG. 41 . The fields of the option menu UI 4100 include:

-   -   Local Root—The directory where the package manager 2304 is         configured to maintain its package cache.     -   Remote Root—The address of the deployment FTP Server 2302 in the         format ftp://myhost/     -   Username—FTP Username     -   Password—FTP Password     -   Secure Connection—When checked, the package manager 2304 is         configured to use ‘Username’ and ‘Password’ for FTP         authentication     -   Package Manager Font Size—Font size for the package details         grid, which is selectable by the user within the option menu UI.

Referring to FIG. 42 , firmware tracking and update module 2308 includes a cache updater 4202 (e.g., syncing modules 2322 shown in FIG. 23 ), which is shown interacting with several components of system 2300 in accordance with the present disclosure. The cache updater 4202 is an internal script, similar to the software update script described above, which checks the server cache 2301 of server 2302 for new versions of the firmware packages. The cache updater 4202 is to be automatically created as part of a script runner initialization, and in some embodiments runs once a day, however other intervals are contemplated to be within the scope of the present disclosure.

Referring to FIG. 43 , a method 4300 that is performed when the cache update script 4202 is run is shown in accordance with the present disclosure. The cache updater script 4202 starts by loading the cache 2311 into memory by reading its index file, in step 4302. After this, the index file from the webserver 2302 is downloaded to a temporary file, in step 4304. If the cache index file exists, the entries are compared and the missing entries (firmwares, compatibility sets) are added to the local index. If no cache index exists, the downloaded index is copied into the cache directory. Following this the script iterates through each meter entry (step 4306) and checks if a directory with the name of the current meter's path attribute exists, if it doesn't it is created in the cache. Next the script iterates through every firmware entry (step 4312) in the server index and checks if it is missing or newer than the cache index. If it is missing or newer, the package is downloaded using the information from the index files (path, tag, version, package-file-name) to piece together the download URL. Once the package download is finished, the script checks the package's signature, in step 4318. If the signature is invalid, a script error is logged, in step 4324, and the script moves on to the next firmware entry, in step 4312. If the signature was valid, in step 4318, the script ensures the firmware's name and version directories exist by creating them if they were missing, steps. Next the script exists if the current firmware entry exists in the cache and adds it if it's missing. Lastly the script copies the package downloaded earlier to the directory firmware's version directory.

Referring to FIG. 44 , a firmware tracker 4400 of firmware tracking and update module 2308 is shown in accordance with the present disclosure. The firmware tracker 4400 (e.g., scanner 2320) is multiple processes of the firmware tracking and update module 2308 that query meter information, and log the queried information in the firmware tracking and update module database (i.e., a database stored in a memory of the client device 2390 running firmware tracking and update module 2308). Discovered settings, such as firmware, are stored in the devices.devsettings table. The main areas that collect the meter information are: Online Scan 4402, Discovery Scan 4404, Quick Connect in CommExt or communicator module 4406, Manual Connect 4410. When a new value is discovered, the old value is archived by firmware tracker 4400 to the devices.devsettings_history table 4408, which is used to provide a history 4410 of the firmware in the meter 2310. This update process of firmware tracker 4400 is also configured to compare the current firmwares being stored, with the cached current version, and if a newer version is found, an update indicator displayed in monitor module 2306 will be set.

The features of the update indicator will now be described. The firmware is tracked by tracker 4400 using the devices.devsettings table 4408. Since the properties in this table 4408 get propagated up through the DeviceObject, this table 4408 is tied into to the UI of monitor module 2306 to indicate that a firmware is available or recommended for update. In one embodiment, only one field need be used to indicate that further inspection is needed. The UI can then perform the individual inspections necessary to determine what the change is as a secondary verification that the update is still valid.

The update indicator is configured to add a new devsettings.devset_tag fw.update.noify, with the possible values:

-   -   none/null—If the tag is non-existent, or has the value of none,         then there is no update.     -   available—An update is available, but we cannot determine if the         firmware should be updated. This can happen when either the         meter or cache firmware is a letter, or has no upgrade path         specified.     -   recommended—An update is available for this meter. The UI should         check with the cache for the specific package that is         recommended.

In one embodiment, the update indicator of monitor 2306 is configured to send an e-mail to a user when new firmware is available. A notification center (i.e., monitor 2306) of the system provides notification and a list of system wide events and errors.

Various features of the UI of the firmware tracking and update module 2308 (i.e., monitor 2306) of the present disclosure will now be described.

The UI of firmware tracking and update module 2308 includes a local cache report configured to provide a list of all firmwares 2312 in the local cache 2311, allow a user to import new firmware packages into the local cache 2311, and quickly trigger all meters in a fleet to update to a specific version. The UI 4500 for the local cache report is shown in FIG. 45 in accordance with the present disclosure.

The local cache report UI 4500 is configured to display a list of all the available firmwares in the local cache 2311. In one embodiment, current firmwares, old firmwares, and/or obsolete firmware are marked using distinct indicators for distinguishable identification within the UI 4500. The local cache report UI 4500 includes firmware info, which displays information about the currently selected firmware in the available firmwares list. The local cache report UI 4500 is also configured to display the firmware compatibility rules for the selected firmware and the package viability (which indicates if a firmware package is recommended, or obsolete). The local cache report UI 4500 includes an import button or selection means 4502, which allows the user to manually import a package into the local cache 2311, and an update all button or selection means 4504, which is configured to cause all meters which match the compatibility rules for the currently selected firmware to be updated by module 2319 (described above and shown in FIG. 23 ).

Firmware tracking and update module 2308 further includes a meter audit, which is outputted for display to the user via monitor module 2306. The meter audit UI 4600 is shown in FIG. 46 in accordance with the present disclosure. The meter audit UI 4600 includes lists of all meters 2310 in a fleet, and their current firmwares. Because meter types may not have a homogeneous set of firmwares, the firmware list is represented as a jagged grid. In one embodiment, all firmwares which are have newer versions are marked with the update recommended indicator by module 2306. The meter audit UI 4600 includes a list of the current firmwares in the selected meter, when they were last updated (when available), and an update recommended indicator when firmware tracking and update module 2308 determines an update is recommended. The meter audit UI 4600 also includes a list of all the firmware packages available for the selected firmware and their details. The meter audit UI 4600 is configured such that if any meter's firmware is currently being updated by the firmware tracking and update module server 2308, then this is indicated by an updating indicator and the progress (if available) is also indicated. firmware tracking and update module 2308 is configured to communicate with server 2302 to cause server 2302 to update the currently selected meter to the currently selected firmware package. If the currently selected firmware is recommended to be updated, the meter audit UI 4600 marks it with the update recommended indicator. The meter audit UI 4600 includes an update all button or means 4602, which, when selected, is configured to updates all firmware, for all meters, to the current recommended firmware, if available. In one embodiment, after the update all button or means 4602 is selected, the user will be warned before continuing. UI 4600 also include an update button or selection means 4604, which, when selected, may be configured to update individually selected meters and/or individually selected firmwares.

In one embodiment, firmware tracking and update module 2308 includes a main device list. The main device list includes an add firmware column button or selection configured to enable a user to add a firmware column to the device list, which lists the current version of the main firmware. In one embodiment, the main device list includes an add update indicator, which is an indicator in the firmware column, that indicates if any firmware is recommended to be updated. The main device list is configured such that clicking the indicator brings up the following options: (1) View Meter Firmware Audit, which, if selected shows the meter audit, with the meter and firmware selected; (2) Update Firmware, which, if selected, triggers the firmware to be updated to the recommended version; and (3) Add Firmware Update Progress, which, if selected, when the firmware of a meter is being updated, indicates this with an updating indicator in the Firmware Column. In one embodiment, the main list is configured to display the current progress and status in the Next Action column.

Firmware tracking and update module 2308 further includes a firmware updater 2319. The features of the firmware updater 2319 are shown in FIG. 47 and will be described below.

The firmware updater is comprised of three components: The UI layer 4702 that triggers the firmware updater, the update script 4704 that contains the actual execution of the firmware updater, and the update wrapper 4704 (i.e., wrapper 2316) that is configured for uploading firmware to the meter.

To manually trigger an update, a command such as

or

RPC command 4708 is entered into the UI 4702. The

command is configured to update the firmware for a specified meter. It is to be appreciated that the [device] portion of the command indicates the device to update the firmware for and the [fw] portion of the command indicates the firmware to update on the meter. If the [fw] portion is not specified, the firmware updater will update all firmware that the updater determines are out of date. If not specified, the updater will update firmware to latest version specified by the cache. The

command is configured to update the firmware to the latest firmware version for a specified group of meters within the fleet. The [group] portion of the command specifies the group to update. It is to be appreciate that, internally, both commands generate run-once update scripts, with the appropriate device, group, and firmware specified. In one embodiment, the firmware update can be triggered by creating the update script 4704 directly, with the

command. This allows more direct control over the parameters.

The update script 4704 is a script class which hosts the instance of the update wrapper class. In one embodiment, the update script 4704 uses the OnStatus of wrapper 2314 to pipe the output to the runlog.

The update wrapper 4706 provides a wrapper around verifying the update, backing up the meter, performing the update itself, and managing the status reporting. The update wrapper 4706 includes at least the following functions:

-   -   Update—Top level function, used to trigger the actual update.     -   VerifyUpdate—Given a meter and a package, verifies that the         package is allowed to update that meter, at the current time.     -   VerifyPackage—Verify the integrity of the given package, by         checking the signature.     -   Backup—Performs a backup of the meter.     -   ILog—UpdateWrapper implements the ILog interface to report         status and errors back to the UI and logs.     -   IProgress—UpdateWrapper implements the IProgress interface to         report progress back to the UI.

The verify update function is useful for verifying that an update should be approved for several reasons: things could have changed since the time the meter was marked as needing an update, such as a newer version being available, the meter's firmware was already updated, or the package could have been corrupted. The verify update function is configured to check the meter's type, check the meters firmware, check the package update is still compatible, and verify the package is still valid. If any check fails, the error is logged by firmware tracking and update module 2308, and the update is aborted.

The backup meter function provides some stability and system recovery options by backing up some portions of the meter before updating the firmware. The portion may include programmable settings and logs. Since the backup may take a long time, the backup meter function is configured to include an enable/disable function on a per meter, per group, or global basis. The enable/disable function includes the following commands

-   -   disabled: Meter backup is disabled.     -   full: Everything is backed up, as relevant to the meter type.     -   progset: The programmable settings are backed up.     -   logs: The logs are backed up.     -   tou: The TOU settings are backed up, for meters that support it.     -   screen: The screen or lcd settings are backed up, for meters         that support it.

The backup meter function is configured such that the first backup performed for a meter being updated is the backup of all its programmable settings. The next backup performed is the time of use (TOU) calendar settings backup. Upon completion of the TOU backup, the screen profile will be backed up. Lastly, the meter's logs will be backed up by triggering a log retrieval script for the meter.

The firmware updater further includes the ability to shell communicator module 2314. Shelling communicator module 2314 enables a user to upload firmware to a meter 2310. The process of using communicator module 2314 to upload firmware to a meter 2310 is shown in FIG. 48 in accordance with the present disclosure. Uploading firmware via communicator module 2314 includes shelling the application with the firmware upload command line and waiting for the process to finish. Information and status about the upload is provided via the—runlog option to communicator module 2314 and the status file is read to provide feedback from the wrapper application 2315.

The firmware updater includes runlog and status features. The runlog is configured to contain the sequence of actions of the firmware update and may be forked for each device being updated. Status updates are configured to be propagated upwards using the OnStatus event. Once at the Update Script 4704, the status for each device is stored in the script status table metermanager.script_status.

Firmware tracking and update module 2308 is configured to track all actions through the runlog system via a meter action history feature which is shown in FIG. 49 in accordance with the present disclosure. However, since this is tied to scripts, and not individual meters, it is difficult to determine what happened to any particular meter. The Meter Action History accounts for this by keeping track of the individual runlog forks for each meter in a runlog and separates them out for viewing by the user (e.g., via monitor 2306). Additionally, the meter action history feature provides access to the log history of actions which were not performed under the auspices of a static log, such as manual log retrieval

In one embodiment, the meter action history is configured such that an independent table keeps track of each top level action performed providing an easy overview of all actions performed on the meter. In a further embodiment, the Meter Action History integrates external actions, such as, but not limited to Programmable Settings Update, Log Resets, etc., as tracked actions.

In one embodiment, the meter action history is configured with a logging feature. The logging feature is configured such that, when an action is performed, such as Log Retrieval, in addition to forking the runlog for the device, firmware tracking and update module 2308 writes an entry into the Meter Action History table with the fork ID. This can then later be used to pull the device specific actions out of the main runlog.

In one embodiment, the meter action history is configured with a table feature. The metermanager.actionhistory table is configured to track the actions taken on individual meters, and provides the link to the sub-fork of the runlog that contains the details of those actions. An example representation of the table feature is shown below:

ah_index ah_devkey ah_runlogfork ah_action ah_desc ah_result ah_time 7 12345678 1435.2 Log Retrieved 0 2018/07/30 Retrieval hist.1, 00:37:25 Waveform 8 23456789 1523.1 Log Retrieved 1 2018/07/30 Retrieval System 07:15:01 Events 9 12345678 1525.0 Firmware comm.run 0 2018/07/30 Update updated to 08:01:54 v0003

In the table above, the column headings include:

-   -   ah_index [serial, primary key]     -   ah_devkey [string]—The device key (serial number). Cross link         for the history of a single meter.     -   ah_runlogfork [string]—The runlog fork id of the action. The         first component is used to find the runlog to look up, and the         fork id is used for the meter specific entries.     -   ah_action [string]—The top level action taken.     -   ah_desc [string]—A description of the action taken, possibly         with details. This should be user presentable.     -   ah_result [int]—The results of the action.     -   −1—Incomplete     -   0—Success     -   1—Failed     -   ah_time [date]—The date the action was started.

The Meter Action History is presented on the Meter Configuration screen (i.e., a UI of meter action history), as an extra tab, and provides access to the history of that particular meter. A UI 5000 of the meter configuration screen is shown in FIG. 50 in accordance with the present disclosure. In one embodiment, the meter configuration screen displays the history from the actionhistory table on a portion of the UI. In one embodiment, the meter configuration screen is configured to read individual runlogs. When an individual action is selected, the runlog associated with it (if available) is read and displayed on a portion of the UI. Only entries which match the runlog fork id are included (including sub-forks).

It is to be appreciated that system 2300 described above and shown in FIG. 23 may be used to maintain and provide any type of data/information to meters 2310 in a fleet and not just firmware. For example, in one embodiment, module 2308 may be used to provide mass updates of settings, configurations, and/or any other type of data to some or all of the meters 2310 in a fleet. The updates provided via module 2308 may include, but are not limited to, programmable settings, screen files, alarm settings, password reprogramming and/or any other types of data settings. The data may be retrieved by module 2308 from server 2302 and/or uploaded manually to module 2308 by a user.

In the embodiment described above, a user may want to change a setting on a master configuration file that changes the internal logging structure of one or more meters 2310 in a fleet. To change the setting on the master configuration file, the user makes one or more changes to the file and, via firmware upload module 2319, module 2308 is configured to send the new configuration to each of the meters 2310 in the fleet that the master configuration file is intended for use with. It is to be appreciated that module 2308 may be configured to automatically send the new configuration file to any meter 2310 the file is intended for if module 2308 determines a change has been made to a master configuration file. It is to be appreciated that setting files may be downloaded by module 2308 from any meter 2310 and/or from server 2302 so that the user may edit the setting files and module 2308 is configured to determine a change has been made to the downloaded settings files and send the new settings files to the meters 2310 the settings files are intended to be used with.

Module 2308 may be configured to perform the above-described process with other types of data or files, e.g., screen files, alarm settings, passwords, etc. In each case, the file or data may be retrieved from a meter 2310 or server 2302 or manually uploaded to, or created in, module 2308. The user may make changes to the data or file and module 2308 is configured to send the data or file to one or more meters 2310 in the fleet.

FIG. 51 is a block diagram illustrating physical components of a computing device 5102, for example a client computing device (e.g., client device 2390), with which examples of the present disclosure may be practiced. Among other examples, computing device 5102 may be an exemplary computing device configured for execution of a tracking and updating firmware as described herein. In a basic configuration, the computing device 5102 may include at least one processing unit 5104 and a system memory 5106. Depending on the configuration and type of computing device, the system memory 5106 may comprise, but is not limited to, volatile storage (e.g., random access memory), non-volatile storage (e.g., read-only memory), flash memory, or any combination of such memories. The system memory 5106 may include an operating system 5107 and one or more program modules 5108 suitable for running software programs/modules 5120 such as IO manager 5124, other utility 5126 and application 5128. As examples, system memory 5106 may store instructions for execution. Other examples of system memory 5106 may store data associated with applications. The operating system 5107, for example, may be suitable for controlling the operation of the computing device 5102. Furthermore, examples of the present disclosure may be practiced in conjunction with a graphics library, other operating systems, or any other application program and is not limited to any particular application or system. This basic configuration is illustrated in FIG. 51 by those components within a dashed line 5122. The computing device 5102 may have additional features or functionality. For example, the computing device 5102 may also include additional data storage devices (removable and/or non-removable) such as, for example, magnetic disks, optical disks, or tape. Such additional storage is illustrated in FIG. 51 by a removable storage device 5109 and a non-removable storage device 5110.

As stated above, a number of program modules and data files may be stored in the system memory 5106. While executing on the processing unit 5104, program modules 5108 (e.g., Input/Output (I/O) manager 5124, other utility 5126 and application 5128) may perform processes including, but not limited to, one or more of the stages of the operations described throughout this disclosure. Other program modules that may be used in accordance with examples of the present disclosure may include electronic mail and contacts applications, word processing applications, spreadsheet applications, database applications, slide presentation applications, drawing or computer-aided application programs, photo editing applications, authoring applications, etc.

Furthermore, examples of the present disclosure may be practiced in an electrical circuit comprising discrete electronic elements, packaged or integrated electronic chips containing logic gates, a circuit utilizing a microprocessor, or on a single chip containing electronic elements or microprocessors. For example, examples of the present disclosure may be practiced via a system-on-a-chip (SOC) where each or many of the components illustrated in FIG. 51 may be integrated onto a single integrated circuit. Such an SOC device may include one or more processing units, graphics units, communications units, system virtualization units and various application functionality all of which are integrated (or “burned”) onto the chip substrate as a single integrated circuit. When operating via an SOC, the functionality described herein may be operated via application-specific logic integrated with other components of the computing device 5102 on the single integrated circuit (chip). Examples of the present disclosure may also be practiced using other technologies capable of performing logical operations such as, for example, AND, OR, and NOT, including but not limited to mechanical, optical, fluidic, and quantum technologies. In addition, examples of the present disclosure may be practiced within a general purpose computer or in any other circuits or systems.

The computing device 512 may also have one or more input device(s) 5112 such as a keyboard, a mouse, a pen, a sound input device, a device for voice input/recognition, a touch input device, etc. The output device(s) 5114 such as a display, speakers, a printer, etc. may also be included. The aforementioned devices are examples and others may be used. The computing device 5104 may include one or more communication connections 5116 allowing communications with other computing devices 5118 and/or meters/IEDs 5119. Examples of suitable communication connections 5116 include, but are not limited to, a network interface card; RF transmitter, receiver, and/or transceiver circuitry; universal serial bus (USB), parallel, and/or serial ports.

The term computer readable media as used herein may include computer storage media. Computer storage media may include volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information, such as computer readable instructions, data structures, or program modules. The system memory 5106, the removable storage device 5109, and the non-removable storage device 5110 are all computer storage media examples (i.e., memory storage.) Computer storage media may include RAM, ROM, electrically erasable read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other article of manufacture which can be used to store information and which can be accessed by the computing device 5102. Any such computer storage media may be part of the computing device 5102. Computer storage media does not include a carrier wave or other propagated or modulated data signal.

Communication media may be embodied by computer readable instructions, data structures, program modules, or other data in a modulated data signal, such as a carrier wave or other transport mechanism, and includes any information delivery media. The term “modulated data signal” may describe a signal that has one or more characteristics set or changed in such a manner as to encode information in the signal. By way of example, and not limitation, communication media may include wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, radio frequency (RF), infrared, and other wireless media.

It is to be appreciated that the computing device 5120 may, in certain embodiments, be a mobile computing device, for example, a mobile telephone, a smart phone, a personal data assistant, a tablet personal computer, a phablet, a slate, a laptop computer, and the like, with which examples of the present disclosure may be practiced.

Further features and implementations of the enterprise-wide energy management reporting, analysis and billing system of the present disclosure may become apparent to one of ordinary skill in the art from an understanding of the description provided herein. It is to be appreciated that the various features shown and described are interchangeable, that is a feature shown in one embodiment may be incorporated into another embodiment.

While non-limiting embodiments are disclosed herein, many variations are possible which remain within the concept and scope of the present disclosure. Such variations would become clear to one of ordinary skill in the art after inspection of the specification, drawings and claims herein. The present disclosure therefore is not to be restricted except within the spirit and scope of the appended claims.

Furthermore, although the foregoing text sets forth a detailed description of numerous embodiments, it should be understood that the legal scope of the present disclosure is defined by the words of the claims set forth at the end of this patent. The detailed description is to be construed as exemplary only and does not describe every possible embodiment, as describing every possible embodiment would be impractical, if not impossible. One could implement numerous alternate embodiments, using either current technology or technology developed after the filing date of this patent, which would still fall within the scope of the claims.

It should also be understood that, unless a term is expressly defined in this patent using the sentence “As used herein, the term ‘______’ is hereby defined to mean . . . ” or a similar sentence, there is no intent to limit the meaning of that term, either expressly or by implication, beyond its plain or ordinary meaning, and such term should not be interpreted to be limited in scope based on any statement made in any section of this patent (other than the language of the claims). To the extent that any term recited in the claims at the end of this patent is referred to in this patent in a manner consistent with a single meaning, that is done for sake of clarity only so as to not confuse the reader, and it is not intended that such claim term be limited, by implication or otherwise, to that single meaning. Finally, unless a claim element is defined by reciting the word “means” and a function without the recital of any structure, it is not intended that the scope of any claim element be interpreted based on the application of 35 U.S.C. § 112, sixth paragraph. 

What is claimed is:
 1. A system comprising: a fleet of two or more intelligent electronic devices (IEDs); a server coupled to the fleet of IEDs over a network, the server including a server cache configured to store firmware for updating the IEDs, the server cache is further configured to store compatibility information indicating which types of IEDs the firmware stored in the server cache is compatible with; and at least one client device coupled to the network including a firmware tracking and update module and a local cache that stores retrieved firmware from the server cache and stores compatibility information indicating which types of IEDs the firmware stored in the local cache is compatible with, the firmware tracking and update module configured to: track versions of firmware installed on each IED in the fleet, determine which IEDs in the fleet include firmware requiring an update, and automatically update the firmware installed on any IEDs in the fleet including firmware requiring an update if the IED type is compatible with the updated firmware.
 2. The system of claim 1, wherein the firmware tracking and update module is configured to retrieve new versions of firmware from the server cache and use the retrieved firmware to update the firmware installed on the IEDs in the at least one fleet.
 3. The system of claim 1, further comprising a package manager configured to generate firmware packages and upload the generated firmware package to the server cache of the server.
 4. The system of claim 3, wherein the package manager signs the generated firmware package with a digital signature and the firmware tracking and update module verifies the digital signature before uploading the generated firmware package to each of the IEDs.
 5. The system of claim 4, wherein the package manager employs a private key to generate the digital signature and a public key, the public key being provided to the firmware tracking and update module to verify the digital signature.
 6. The system of claim 5, wherein the public key is provided to each IED for verifying the digital signature at the IED.
 7. The system of claim 4, wherein the package manager generates the digital signature with a Elliptic Curve Digital Signature Algorithm (ECDSA).
 8. The system of claim 1, wherein the firmware tracking and update module is configured to determine which IEDs in the fleet include firmware requiring an update by comparing the firmware currently installed on each IED to the firmware stored in the local cache.
 9. The system of claim 1, wherein the firmware tracking and update module includes a syncing module configured to sync the firmware stored in the server cache with the firmware stored in the local cache.
 10. The system of claim 1, wherein the firmware tracking and update module includes a syncing module configured to sync the compatibility information stored in the server cache with the compatibility information stored in the local cache.
 11. The system of claim 1, wherein the firmware tracking and update module is configured to receive a firmware package from a user to trigger a manual update of at least one IED in the fleet using the received firmware package.
 12. The system of claim 1, wherein the firmware tracking and update module is configured to notify a user of the at least one client device when a firmware update for any of the IEDs in the fleet is available.
 13. The system of claim 1, wherein the firmware tracking and update module is configured to perform an audit of the firmware currently installed on the IEDs in the fleet and any available updates for the IEDs in the fleet and output the audit for display.
 14. The system of claim 13, wherein the firmware tracking and update module is configured to indicate in the audit if any of the IEDs in the fleet are incompatible with a firmware update due to a hardware incompatibility.
 15. The system of claim 1, wherein the firmware tracking and update module is configured to track a history of firmware installed on each IED in the fleet and output the history of firmware for display.
 16. The system of claim 1, wherein the firmware tracking and update module is configured to track a history of actions performed on the IEDs in the fleet and output the history of actions for display.
 17. The system of claim 1, wherein the firmware tracking and update module is configured to enable a user to select which IEDs are included in the fleet.
 18. The system of claim 1, wherein each IED is one of a Programmable Logic Controller (PLC), a Remote Terminal Unit (RTU), an electric power meter, a revenue meter, a protective relay, a fault recorder, a phase measurement unit, a serial switch and a smart input/output device.
 19. The system of claim 1, wherein the network operates under at least one of Ethernet, DNP, ModBus and/or IEC61850 protocols.
 20. The system of claim 1, wherein the firmware tracking and update module is configured to backup at least a portion of data from each IED before updating the firmware.
 21. The system of claim 20, wherein the at least a portion of data includes programmable settings, configuration setting and/or logs.
 22. The system of claim 1, wherein the firmware tracking and update module includes a scanning module configured to query hardware information from each IED to determine if the updated firmware is compatible with the hardware of each IED.
 23. The system of claim 22, wherein the hardware information includes at least one of a version number of a printed circuit board, a model number of a processor and/or a model number of a communication device.
 24. The system of claim 1, wherein the server is an application executing on one of the IEDs. 